Pests of all kinds and how to fight them: Reveton trojan not completely removed | Windows 7 | If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
10.12.2013, 22:48 | #31 |
| Reveton trojan not completely removed Too bad, ESET didn't find anything: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=1c4a34d5875aa94c85c291511afd5e97 # engine=16190 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-12-08 11:52:39 # local_time=2013-12-09 12:52:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5892 16777213 88 94 1391542 26732516 0 0 # scanned=14106 # found=0 # cleaned=0 # scan_time=620 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=1c4a34d5875aa94c85c291511afd5e97 # engine=16220 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-12-10 09:38:27 # local_time=2013-12-10 10:38:27 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5892 16777213 88 94 1559890 26900864 0 0 # scanned=199316 # found=0 # cleaned=0 # scan_time=5307 |
10.12.2013, 22:58 | #32 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Reveton trojan not completely removed Quote:
Or are there still problems open?
__________________ |
10.12.2013, 23:05 | #33 |
| Reveton trojan not completely removed Well, the Internet still isn't working, i.e. only certain sites. Yesterday it did work temporarily. For example, I can't reach this board. Now only the 4 error messages are gone.
__________________ |
10.12.2013, 23:25 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Reveton trojan not completely removed I would first try to find out whether this happens only under Windows or with other operating systems too. That way you can see whether a hardware problem is emerging or whether the fault lies more in the Windows configuration and/or in the file system. Download something like Knoppix or Xubuntu, burn the ISO file to a CD using the image-burning function and boot the computer from it. Then test the Internet connection thoroughly under Linux and report whether the connection and the system run at normal speed there or are slow as well.
__________________ Please always post log files in CODE tags |
11.12.2013, 20:55 | #35 |
| Reveton trojan not completely removed Hello cosinus, I can answer that very quickly. The first time, Combofix had helped and everything ran normally. After a restart everything was back to the way it was. That is why I ran Combofix again and, lo and behold, everything runs perfectly. The Internet is fast and I can reach every site. Unfortunately, this time too, all the problems are back after the restart. In addition, the PC still tries to go online. Malwarebytes shows a message that access to a potentially dangerous site was blocked. Do you have another idea, or do I have to reinstall the system? Regards, Volker The Combofix log Combofix log file: Code:
ATTFilter ComboFix 13-12-10.01 - CADCAM 11.12.2013 0:17.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8191.6263 [GMT 1:00] ausgeführt von:: c:\users\CADCAM\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\CADCAM\AppData\Local\Temp\_MEI27602\_ctypes.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\_elementtree.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\_hashlib.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\_multiprocessing.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\_socket.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\_ssl.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\msvcp100.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\msvcr100.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\pyexpat.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\pysqlite2._sqlite.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\python27.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\pythoncom27.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\PyWinTypes27.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\select.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\unicodedata.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32api.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32com.shell.shell.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32crypt.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32event.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32file.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32inet.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32pdh.pyd 
c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32process.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32profile.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32security.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\win32ts.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\windows._cacheinvalidation.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wx._controls_.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wx._core_.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wx._gdi_.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wx._html2.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wx._misc_.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wx._windows_.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wx._wizard.pyd c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wxbase294u_net_vc90.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wxbase294u_vc90.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wxmsw294u_adv_vc90.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wxmsw294u_core_vc90.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wxmsw294u_html_vc90.dll c:\users\CADCAM\AppData\Local\Temp\_MEI27602\wxmsw294u_webview_vc90.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-11-10 bis 2013-12-10 )))))))))))))))))))))))))))))) . . 2013-12-10 23:22 . 2013-12-10 23:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-12-10 23:22 . 2013-12-10 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-12-10 19:37 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{273F0D59-9BD9-4A6B-8D3C-002EAF6EBB60}\mpengine.dll 2013-12-09 22:55 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-12-08 21:40 . 2013-12-08 21:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-12-08 21:39 . 2013-12-08 22:29 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-12-07 20:58 . 
2013-12-07 20:58 -------- d-----w- c:\windows\ERUNT 2013-12-06 21:32 . 2013-10-20 20:07 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C08725CB-6B1D-4660-818D-ACEA8F78EF66}\gapaengine.dll 2013-12-06 21:27 . 2013-12-10 00:24 -------- d-----w- C:\FRST 2013-12-06 21:08 . 2013-12-06 21:08 -------- d-----w- c:\windows\Migration 2013-12-06 20:06 . 2013-12-06 20:10 -------- d-----w- C:\AdwCleaner 2013-12-03 19:15 . 2013-12-03 19:15 -------- d-----w- c:\users\CADCAM\AppData\Roaming\Malwarebytes 2013-12-03 19:15 . 2013-12-03 19:15 -------- d-----w- c:\programdata\Malwarebytes 2013-12-03 19:15 . 2013-12-03 19:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-12-03 19:15 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-12-03 19:15 . 2013-12-03 19:15 -------- d-----w- c:\users\CADCAM\AppData\Local\Programs 2013-12-01 21:56 . 2013-12-01 22:01 -------- d-----w- c:\windows\CD09642E061D4844BA37ED1480916404.TMP 2013-12-01 21:56 . 2013-12-01 21:56 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-12-01 15:40 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE 2013-11-24 20:37 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-11-24 20:37 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-11-24 20:37 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-11-24 20:37 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-11-24 20:37 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-11-24 20:37 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-11-24 20:37 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-11-22 21:04 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-11-22 21:04 . 
2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-11-22 21:04 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-11-22 21:04 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-11-22 21:04 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-11-22 21:04 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-11-22 21:04 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-11-17 00:46 . 2013-11-17 00:46 -------- d-----w- c:\users\CADCAM\AppData\Roaming\PDAppFlex 2013-11-17 00:46 . 2013-11-17 00:47 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2013-11-17 00:30 . 2013-11-17 00:30 -------- d-----w- c:\program files\Adobe 2013-11-17 00:28 . 2013-11-17 00:31 -------- d-----w- c:\program files\Common Files\Adobe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-19 10:21 . 2010-01-15 14:03 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-11-07 15:00 . 2011-08-07 18:10 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-10-20 20:07 . 2011-08-14 19:42 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-09-27 08:53 . 2013-09-27 08:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-09-27 08:53 . 2010-10-24 19:25 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-09-15 10:19 . 2013-09-15 10:19 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-09-15 10:19 . 2013-09-15 10:19 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-09-15 10:19 . 
2013-09-15 10:19 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-09-15 10:19 . 2013-09-15 10:19 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-09-15 10:19 . 2013-09-15 10:19 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-09-15 10:19 . 2013-09-15 10:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-09-15 10:19 . 2013-09-15 10:19 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-09-15 10:19 . 2013-09-15 10:19 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-09-15 10:19 . 2013-09-15 10:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-09-15 10:19 . 2013-09-15 10:19 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-09-15 10:19 . 2013-09-15 10:19 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-09-15 10:19 . 
2013-09-15 10:19 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-09-15 10:19 . 2013-09-15 10:19 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-09-15 10:19 . 2013-09-15 10:19 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-09-15 10:19 . 2013-09-15 10:19 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-09-15 10:19 . 2013-09-15 10:19 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-09-15 10:19 . 2013-09-15 10:19 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-09-15 10:19 . 2013-09-15 10:19 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-09-15 10:19 . 2013-09-15 10:19 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-09-15 10:19 . 2013-09-15 10:19 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-09-15 10:19 . 2013-09-15 10:19 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-09-15 10:19 . 2013-09-15 10:19 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-09-15 10:19 . 2013-09-15 10:19 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-09-15 10:19 . 2013-09-15 10:19 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-09-15 10:19 . 2013-09-15 10:19 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-09-15 10:19 . 2013-09-15 10:19 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-09-15 10:19 . 2013-09-15 10:19 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-09-15 10:19 . 2013-09-15 10:19 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-09-15 10:19 . 2013-09-15 10:19 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-09-15 10:19 . 
2013-09-15 10:19 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-09-15 10:19 . 2013-09-15 10:19 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\CADCAM\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\CADCAM\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\CADCAM\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\CADCAM\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-08 296056] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312] "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-11-05 2237328] . c:\users\CADCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\CADCAM\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/06/09 20:47;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x] R3 OxPCIeSer;OxPCIeSer;c:\windows\system32\DRIVERS\OxPCIeSer.sys;c:\windows\SYSNATIVE\DRIVERS\OxPCIeSer.sys [x] R3 OxPCIeSerMf;OxPCIeSerMf;c:\windows\system32\DRIVERS\OxPCIeMf.sys;c:\windows\SYSNATIVE\DRIVERS\OxPCIeMf.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 
RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - CLKMDRV10_38F51D56 . Inhalt des "geplante Tasks" Ordners . 2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 17:13] . 2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 17:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2013-10-16 17:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2013-10-16 17:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2013-10-16 17:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\CADCAM\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\CADCAM\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\CADCAM\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\CADCAM\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-04-14 7714336] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-14 1833504] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-12-11 00:28:09 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-12-10 23:28 ComboFix2.txt 2013-12-08 20:23 . Vor Suchlauf: 14 Verzeichnis(se), 33.738.158.080 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 33.742.479.360 Bytes frei . - - End Of File - - 85A2CB8E602FBB1D3C64567681C1CEBA A36C5E4F47E84449FF07ED3517B43A31 [/CODE] |
11.12.2013, 23:12 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Reveton trojan not completely removed CF only deleted things in TEMP... Download FRST to the desktop again. Tick the box for additions.txt. Click Scan. Post both new logs.
__________________ --> Reveton trojan not completely removed |
11.12.2013, 23:31 | #37 |
| Reveton trojan not completely removed Okay, first here is FRST showing the state of the PC after ComboFix without a restart (Internet works). I'll make another log afterwards; that will take a while again. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2013 Ran by CADCAM (administrator) on WENDELIN on 11-12-2013 23:25:27 Running from C:\Users\CADCAM\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7714336 2009-04-14] (Realtek Semiconductor) HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-04-14] (Realtek Semiconductor Corp.) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296056 2012-06-08] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [78312 2012-05-09] (cyberlink) HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated) Startup: C:\Users\CADCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\CADCAM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x411194B52355CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 ==================== Services (Whitelisted) ================= S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG) R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1246496 2009-09-17] (SafeNet, Inc) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 OxPCIeSer; C:\Windows\System32\DRIVERS\OxPCIeSer.sys [101672 2008-01-16] (OEM) S3 OxPCIeSerMf; C:\Windows\System32\DRIVERS\OxPCIeMf.sys [31016 2008-01-16] (OEM) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion 
Limited) R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 MSICDSetup; \??\E:\CDriver64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-11 23:25 - 2013-12-11 23:25 - 00007733 _____ C:\Users\CADCAM\Desktop\FRST.txt 2013-12-11 22:54 - 2013-12-11 23:21 - 273372447 _____ C:\Users\CADCAM\Downloads\ava.14.10.13.mov 2013-12-11 21:40 - 2013-12-11 21:40 - 00025676 _____ C:\ComboFix.txt 2013-12-11 01:59 - 2013-12-11 02:03 - 376661969 _____ C:\Users\CADCAM\Downloads\andyvf_chastity.wmv 2013-12-11 01:39 - 2013-12-11 01:39 - 233197627 _____ C:\Users\CADCAM\Downloads\JeanettaJoy_XXC2.mp4 2013-12-10 01:24 - 2013-12-11 23:25 - 00000000 ____D C:\Users\CADCAM\Desktop\FRST-OlderVersion 2013-12-10 01:23 - 2013-12-10 01:23 - 00000626 _____ C:\Users\CADCAM\Desktop\JRT.txt 2013-12-09 00:30 - 2013-12-09 00:30 - 02347384 _____ (ESET) C:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe 2013-12-08 22:40 - 2013-12-08 22:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-08 22:39 - 2013-12-08 23:29 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-08 22:39 - 2013-12-08 22:48 - 00000000 ____D C:\Users\CADCAM\Desktop\mbar 2013-12-08 22:35 - 2013-12-08 22:35 - 12582688 _____ (Malwarebytes Corp.) 
C:\Users\CADCAM\Desktop\mbar-1.07.0.1008.exe 2013-12-08 21:08 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-08 21:08 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-08 21:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-08 21:07 - 2013-12-11 21:40 - 00000000 ____D C:\Qoobox 2013-12-08 21:06 - 2013-12-08 21:21 - 00000000 ____D C:\Windows\erdnt 2013-12-08 20:59 - 2013-12-11 00:02 - 05153140 ____R (Swearware) C:\Users\CADCAM\Desktop\ComboFix.exe 2013-12-07 21:58 - 2013-12-07 21:58 - 00000000 ____D C:\Windows\ERUNT 2013-12-07 21:52 - 2013-12-07 21:52 - 01034531 _____ (Thisisu) C:\Users\CADCAM\Desktop\JRT.exe 2013-12-06 22:27 - 2013-12-11 23:25 - 00000000 ____D C:\FRST 2013-12-06 22:26 - 2013-12-11 23:25 - 01926944 _____ (Farbar) C:\Users\CADCAM\Desktop\FRST64.exe 2013-12-06 21:06 - 2013-12-06 21:10 - 00000000 ____D C:\AdwCleaner 2013-12-03 20:15 - 2013-12-03 20:15 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-03 20:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-03 20:13 - 2013-12-02 13:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\CADCAM\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-03 20:13 - 2013-12-02 13:06 - 01110034 _____ 
C:\Users\CADCAM\Desktop\adwcleaner.exe 2013-12-03 20:13 - 2013-12-02 13:05 - 00602112 _____ (OldTimer Tools) C:\Users\CADCAM\Desktop\OTL.exe 2013-12-01 22:56 - 2013-12-01 23:01 - 00000000 ____D C:\Windows\CD09642E061D4844BA37ED1480916404.TMP 2013-12-01 16:40 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-12-01 16:37 - 2013-12-01 16:37 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-01 
16:37 - 2013-12-01 16:37 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-01 
16:37 - 2013-12-01 16:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00194048 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00090112 _____ (Microsoft 
Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00053760 _____ (Microsoft 
Corporation) C:\Windows\system32\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 
00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-01 16:35 - 2013-12-01 16:50 - 00023377 _____ C:\Windows\IE11_main.log 2013-11-24 21:37 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-11-22 22:07 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-22 22:07 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-22 22:07 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-22 22:07 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-22 22:07 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-22 22:07 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-22 22:07 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 
2013-11-22 22:07 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-22 22:07 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-22 22:07 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-22 22:07 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-22 22:07 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-22 22:07 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-22 22:07 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-22 22:07 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-22 22:07 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-22 22:07 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-22 22:07 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-22 22:07 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-22 22:07 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-22 22:07 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-22 22:07 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-22 22:07 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-22 22:07 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-22 22:07 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-11-22 22:07 - 
2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-11-22 22:07 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-11-22 22:07 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-11-22 22:07 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-11-22 22:07 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-11-22 22:07 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-11-22 22:07 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-11-22 22:07 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-11-22 22:07 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-11-22 22:07 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-11-22 22:07 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-11-22 22:07 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-11-22 22:07 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-11-22 22:07 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-11-22 22:07 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-11-22 22:07 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-11-22 22:07 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-11-22 22:07 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-11-22 22:07 - 2013-08-28 02:12 - 00461312 _____ (Microsoft 
Corporation) C:\Windows\system32\scavengeui.dll 2013-11-22 22:07 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-11-22 22:07 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-11-22 22:07 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-11-22 22:07 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-11-22 22:07 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-11-22 22:07 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-11-22 22:07 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-11-22 22:07 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-22 22:07 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-11-22 22:07 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-11-22 22:07 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-11-22 22:07 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-11-22 22:07 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-11-22 22:07 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-11-22 22:07 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-11-22 22:07 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-11-22 22:07 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) 
C:\Windows\system32\fontsub.dll 2013-11-22 22:07 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-11-22 22:07 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-11-22 22:07 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-11-22 22:07 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-11-22 22:07 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-11-22 22:07 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-11-22 22:07 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-11-22 22:07 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-11-22 22:07 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-11-22 22:07 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-11-22 22:04 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-22 22:04 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-22 22:04 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-22 22:04 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-22 22:04 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-22 22:04 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-11-22 22:04 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-11-17 18:50 - 2013-11-17 18:50 - 00000000 ____D C:\Users\CADCAM\Documents\Adobe 2013-11-17 01:47 - 2013-11-17 
01:47 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-WENDELIN-CADCAM 2013-11-17 01:46 - 2013-11-17 01:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-11-17 01:46 - 2013-11-17 01:46 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\PDAppFlex 2013-11-17 01:30 - 2013-11-17 01:30 - 00000000 ____D C:\Program Files\Adobe 2013-11-17 01:28 - 2013-11-17 01:31 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-17 01:17 - 2013-11-17 01:17 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk ==================== One Month Modified Files and Folders ======= 2013-12-11 23:25 - 2013-12-11 23:25 - 00007733 _____ C:\Users\CADCAM\Desktop\FRST.txt 2013-12-11 23:25 - 2013-12-10 01:24 - 00000000 ____D C:\Users\CADCAM\Desktop\FRST-OlderVersion 2013-12-11 23:25 - 2013-12-06 22:27 - 00000000 ____D C:\FRST 2013-12-11 23:25 - 2013-12-06 22:26 - 01926944 _____ (Farbar) C:\Users\CADCAM\Desktop\FRST64.exe 2013-12-11 23:24 - 2013-01-19 13:38 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\vlc 2013-12-11 23:21 - 2013-12-11 22:54 - 273372447 _____ C:\Users\CADCAM\Downloads\ava.14.10.13.mov 2013-12-11 22:58 - 2012-07-22 18:13 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-11 22:58 - 2012-07-22 18:13 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-11 21:46 - 2009-07-14 05:51 - 00092644 _____ C:\Windows\setupact.log 2013-12-11 21:40 - 2013-12-11 21:40 - 00025676 _____ C:\ComboFix.txt 2013-12-11 21:40 - 2013-12-08 21:07 - 00000000 ____D C:\Qoobox 2013-12-11 21:38 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-12-11 20:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-11 20:27 - 2009-07-14 05:45 - 00018672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-11 20:27 - 2009-07-14 05:45 - 00018672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
2013-12-11 20:24 - 2010-01-14 16:02 - 01085285 _____ C:\Windows\WindowsUpdate.log 2013-12-11 20:22 - 2011-10-27 22:08 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Dropbox 2013-12-11 20:21 - 2012-07-22 18:19 - 00000000 ___RD C:\Users\CADCAM\Google Drive 2013-12-11 20:21 - 2011-10-27 22:13 - 00000000 ___RD C:\Users\CADCAM\Dropbox 2013-12-11 20:20 - 2010-01-14 17:37 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-11 20:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-11 02:03 - 2013-12-11 01:59 - 376661969 _____ C:\Users\CADCAM\Downloads\andyvf_chastity.wmv 2013-12-11 02:00 - 2010-01-15 13:47 - 00000000 ____D C:\Users\CADCAM\AppData\Local\Adobe 2013-12-11 01:39 - 2013-12-11 01:39 - 233197627 _____ C:\Users\CADCAM\Downloads\JeanettaJoy_XXC2.mp4 2013-12-11 01:14 - 2012-04-06 03:29 - 00023552 _____ C:\Users\CADCAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-11 00:28 - 2009-07-14 18:58 - 00699432 _____ C:\Windows\system32\perfh007.dat 2013-12-11 00:28 - 2009-07-14 18:58 - 00149572 _____ C:\Windows\system32\perfc007.dat 2013-12-11 00:28 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-11 00:23 - 2010-01-14 17:40 - 00135322 _____ C:\Windows\PFRO.log 2013-12-11 00:02 - 2013-12-08 20:59 - 05153140 ____R (Swearware) C:\Users\CADCAM\Desktop\ComboFix.exe 2013-12-10 19:26 - 2010-01-14 16:06 - 00000000 ___RD C:\Users\CADCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-10 01:23 - 2013-12-10 01:23 - 00000626 _____ C:\Users\CADCAM\Desktop\JRT.txt 2013-12-09 00:30 - 2013-12-09 00:30 - 02347384 _____ (ESET) C:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe 2013-12-08 23:29 - 2013-12-08 22:39 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-08 22:48 - 2013-12-08 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-08 22:48 - 2013-12-08 22:39 - 00000000 ____D C:\Users\CADCAM\Desktop\mbar 2013-12-08 22:35 
- 2013-12-08 22:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\CADCAM\Desktop\mbar-1.07.0.1008.exe 2013-12-08 21:23 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-12-08 21:21 - 2013-12-08 21:06 - 00000000 ____D C:\Windows\erdnt 2013-12-07 21:58 - 2013-12-07 21:58 - 00000000 ____D C:\Windows\ERUNT 2013-12-07 21:52 - 2013-12-07 21:52 - 01034531 _____ (Thisisu) C:\Users\CADCAM\Desktop\JRT.exe 2013-12-06 22:17 - 2011-08-07 20:06 - 01586676 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-06 21:10 - 2013-12-06 21:06 - 00000000 ____D C:\AdwCleaner 2013-12-05 22:53 - 2012-07-22 18:13 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-05 22:53 - 2012-07-22 18:13 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-03 20:15 - 2013-12-03 20:15 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-02 13:08 - 2013-12-03 20:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\CADCAM\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-02 13:06 - 2013-12-03 20:13 - 01110034 _____ C:\Users\CADCAM\Desktop\adwcleaner.exe 2013-12-02 13:05 - 2013-12-03 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\CADCAM\Desktop\OTL.exe 2013-12-02 00:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-01 23:01 - 2013-12-01 22:56 - 00000000 ____D C:\Windows\CD09642E061D4844BA37ED1480916404.TMP 2013-12-01 20:27 - 2012-05-23 20:48 - 00007640 _____ C:\Users\CADCAM\AppData\Local\Resmon.ResmonCfg 2013-12-01 16:53 - 2010-01-14 16:06 - 00001430 _____ C:\Users\CADCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-01 16:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 
2013-12-01 16:50 - 2013-12-01 16:35 - 00023377 _____ C:\Windows\IE11_main.log 2013-12-01 16:37 - 2013-12-01 16:37 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01051136 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00440832 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 
2013-12-01 16:37 - 2013-12-01 16:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 
2013-12-01 16:37 - 2013-12-01 16:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-12-01 
16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2013-11-23 23:28 - 2011-11-07 23:24 - 00000069 _____ C:\Windows\NeroDigital.ini 2013-11-22 22:26 - 2012-08-08 20:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-22 22:26 - 2012-08-08 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-11-22 22:26 - 2009-07-14 05:45 - 04939000 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-22 22:20 - 2011-08-07 20:06 - 00001912 _____ C:\Windows\epplauncher.mif 2013-11-22 22:20 - 2011-08-07 20:05 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-22 22:20 - 2011-08-07 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-22 22:14 - 2013-09-15 11:32 - 00000000 ____D C:\Windows\system32\MRT 2013-11-19 11:21 - 2010-01-15 15:03 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-18 22:29 - 2010-01-15 13:47 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Adobe 2013-11-17 18:50 - 2013-11-17 18:50 - 00000000 ____D C:\Users\CADCAM\Documents\Adobe 2013-11-17 11:20 - 2012-12-30 10:28 - 00000000 ____D C:\Users\CADCAM\.gimp-2.8 2013-11-17 01:47 - 2013-11-17 01:47 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-WENDELIN-CADCAM 2013-11-17 01:47 - 2013-11-17 01:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-11-17 01:47 - 2012-12-30 22:35 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\NVIDIA 2013-11-17 01:46 - 2013-11-17 01:46 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\PDAppFlex 2013-11-17 01:35 - 2010-01-14 17:41 - 00058408 _____ C:\Users\CADCAM\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-17 01:31 - 2013-11-17 01:28 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-17 01:30 - 2013-11-17 01:30 - 00000000 ____D C:\Program Files\Adobe 2013-11-17 01:30 - 2010-01-15 13:47 - 00000000 ____D C:\ProgramData\Adobe 2013-11-17 01:29 - 2010-01-15 13:47 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-17 01:17 - 2013-11-17 01:17 - 00001070 _____ 
C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2013-12-10 18:44

==================== End Of Log ============================

--- --- ---

and Additions

Code:
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8191.18 MB
Available physical RAM: 6036.16 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 14238 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
Drive c: (HD_System) (Fixed) (Total:195.32 GB) (Free:34.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HD_Backup) (Fixed) (Total:234.33 GB) (Free:1.23 GB) NTFS
Drive f: (HD2_1) (Fixed) (Total:100.01 GB) (Free:3.78 GB) NTFS
Drive g: (HD2_3) (Fixed) (Total:229.64 GB) (Free:2.93 GB) NTFS
Drive h: (HD2_2) (Fixed) (Total:100 GB) (Free:17.22 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 93B45C35)
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8E530E68)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266 GB) - (Type=OF Extended)

==================== End Of Log ============================ |
11.12.2013, 23:39 | #38 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Reveton Trojan not completely removed The additions.txt log is unfortunately incomplete... Edit: I think FRST has a bug right now... download FRST again tomorrow and create the logs again with the new FRST version. Don't forget to tick the box for additions.txt. Quote:
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags Edited by cosinus (11.12.2013 at 23:51) |
12.12.2013, 00:08 | #39 |
| Reveton Trojan not completely removed ... I checked that again; the Addition.txt file was complete as posted. I ran TDSS in the "ComboFixed" state. Unfortunately nothing found: Code:
ATTFilter 00:01:41.0879 0x0dec TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50 00:01:48.0774 0x0dec ============================================================ 00:01:48.0774 0x0dec Current date / time: 2013/12/12 00:01:48.0774 00:01:48.0774 0x0dec SystemInfo: 00:01:48.0774 0x0dec 00:01:48.0774 0x0dec OS Version: 6.1.7601 ServicePack: 1.0 00:01:48.0774 0x0dec Product type: Workstation 00:01:48.0774 0x0dec ComputerName: WENDELIN 00:01:48.0774 0x0dec UserName: CADCAM 00:01:48.0774 0x0dec Windows directory: C:\Windows 00:01:48.0774 0x0dec System windows directory: C:\Windows 00:01:48.0774 0x0dec Running under WOW64 00:01:48.0774 0x0dec Processor architecture: Intel x64 00:01:48.0774 0x0dec Number of processors: 4 00:01:48.0774 0x0dec Page size: 0x1000 00:01:48.0774 0x0dec Boot type: Normal boot 00:01:48.0774 0x0dec ============================================================ 00:01:50.0303 0x0dec KLMD registered as C:\Windows\system32\drivers\18139138.sys 00:01:50.0506 0x0dec System UUID: {0EFB8E27-B414-FD90-6D77-460EEC5FB005} 00:01:51.0083 0x0dec Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:01:51.0099 0x0dec Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:01:51.0114 0x0dec ============================================================ 00:01:51.0114 0x0dec \Device\Harddisk0\DR0: 00:01:51.0114 0x0dec MBR partitions: 00:01:51.0114 0x0dec \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x186A3800 00:01:51.0145 0x0dec \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x186A631A, BlocksNum 0x1D4A99FE 00:01:51.0161 0x0dec \Device\Harddisk1\DR1: 00:01:51.0161 0x0dec MBR partitions: 00:01:51.0161 0x0dec \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, 
BlocksNum 0xC804000 00:01:51.0161 0x0dec \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC807300, BlocksNum 0xC7FF57E 00:01:51.0177 0x0dec \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x190068BD, BlocksNum 0x1CB4945B 00:01:51.0192 0x0dec ============================================================ 00:01:51.0223 0x0dec C: <-> \Device\Harddisk0\DR0\Partition1 00:01:51.0255 0x0dec D: <-> \Device\Harddisk0\DR0\Partition2 00:01:51.0286 0x0dec F: <-> \Device\Harddisk1\DR1\Partition1 00:01:51.0333 0x0dec G: <-> \Device\Harddisk1\DR1\Partition3 00:01:51.0364 0x0dec H: <-> \Device\Harddisk1\DR1\Partition2 00:01:51.0364 0x0dec ============================================================ 00:01:51.0364 0x0dec Initialize success 00:01:51.0364 0x0dec ============================================================ 00:03:09.0489 0x04c0 ============================================================ 00:03:09.0489 0x04c0 Scan started 00:03:09.0489 0x04c0 Mode: Manual; SigCheck; TDLFS; 00:03:09.0489 0x04c0 ============================================================ 00:03:09.0489 0x04c0 KSN ping started 00:03:12.0203 0x04c0 KSN ping finished: true 00:03:12.0921 0x04c0 ================ Scan system memory ======================== 00:03:12.0921 0x04c0 System memory - ok 00:03:12.0921 0x04c0 ================ Scan services ============================= 00:03:13.0045 0x04c0 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:03:13.0108 0x04c0 1394ohci - ok 00:03:13.0155 0x04c0 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:03:13.0170 0x04c0 ACPI - ok 00:03:13.0201 0x04c0 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:03:13.0248 0x04c0 AcpiPmi - ok 00:03:13.0295 
0x04c0 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 00:03:13.0326 0x04c0 adp94xx - ok 00:03:13.0342 0x04c0 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 00:03:13.0357 0x04c0 adpahci - ok 00:03:13.0357 0x04c0 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 00:03:13.0373 0x04c0 adpu320 - ok 00:03:13.0404 0x04c0 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:03:13.0513 0x04c0 AeLookupSvc - ok 00:03:13.0576 0x04c0 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys 00:03:13.0623 0x04c0 AFD - ok 00:03:13.0654 0x04c0 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 00:03:13.0669 0x04c0 agp440 - ok 00:03:13.0685 0x04c0 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 00:03:13.0716 0x04c0 ALG - ok 00:03:13.0747 0x04c0 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 00:03:13.0763 0x04c0 aliide - ok 00:03:13.0779 0x04c0 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 00:03:13.0794 0x04c0 amdide - ok 00:03:13.0825 0x04c0 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 00:03:13.0857 0x04c0 AmdK8 - ok 
00:03:21.0438 0x04c0 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:03:21.0454 0x04c0 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
00:03:24.0293 0x04c0 Detect skipped due to KSN trusted
00:03:24.0293 0x04c0 IDriverT - ok
NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe 00:03:29.0659 0x04c0 NMIndexingService - ok 00:03:29.0675 0x04c0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:03:29.0706 0x04c0 Npfs - ok 00:03:29.0737 0x04c0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 00:03:29.0769 0x04c0 nsi - ok 00:03:29.0800 0x04c0 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:03:29.0847 0x04c0 nsiproxy - ok 00:03:29.0909 0x04c0 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:03:29.0956 0x04c0 Ntfs - ok 00:03:29.0971 0x04c0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 00:03:30.0018 0x04c0 Null - ok 00:03:30.0315 0x04c0 [ FCBA1C22727939E7CFF9EB08FE9692AB, 081FBF38EA17746C5CF2260AD32B62385D4A075476E30CBB9A2AA080F8AA0CA4 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:03:30.0549 0x04c0 nvlddmkm - ok 00:03:30.0595 0x04c0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:03:30.0611 0x04c0 nvraid - ok 00:03:30.0627 0x04c0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:03:30.0642 0x04c0 nvstor - ok 00:03:30.0689 0x04c0 [ 10C232F6CFFD51D2332898AE7AE0FF23, 92E5452D8467852C22D702ACAFB5DBFD312A8F72A4353B8D0A9C18AEFCE4B2B2 ] nvsvc C:\Windows\system32\nvvsvc.exe 00:03:30.0751 0x04c0 nvsvc - ok 00:03:30.0845 0x04c0 [ 4789E020D2617046862D1790FC235FF6, 
FCFD56DF2CADA830E7B2D4B91D5A9D2FE783B1396CBA124000765168FA5B6574 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 00:03:30.0876 0x04c0 nvUpdatusService - ok 00:03:30.0892 0x04c0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:03:30.0907 0x04c0 nv_agp - ok 00:03:30.0923 0x04c0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:03:30.0939 0x04c0 ohci1394 - ok 00:03:30.0970 0x04c0 [ 607A26E10AE99558C80C4B097AE57B48, 3F3504CA912A137AE4443EF688E728A8800B18D941E0EC11B2701E46E3571B89 ] OxPCIeSer C:\Windows\system32\DRIVERS\OxPCIeSer.sys 00:03:30.0985 0x04c0 OxPCIeSer - ok 00:03:31.0017 0x04c0 [ EB694E5C24EDBFF2943A5ADAB8391425, 58D7CA4AB98BA778A8FAF22470DF3C60C4C8AF935012D91B2438D8C8FB9E4BCF ] OxPCIeSerMf C:\Windows\system32\DRIVERS\OxPCIeMf.sys 00:03:31.0017 0x04c0 OxPCIeSerMf - ok 00:03:31.0048 0x04c0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:03:31.0095 0x04c0 p2pimsvc - ok 00:03:31.0126 0x04c0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 00:03:31.0157 0x04c0 p2psvc - ok 00:03:31.0173 0x04c0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 00:03:31.0188 0x04c0 Parport - ok 00:03:31.0219 0x04c0 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:03:31.0235 0x04c0 partmgr - ok 00:03:31.0251 0x04c0 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc 
C:\Windows\System32\pcasvc.dll 00:03:31.0282 0x04c0 PcaSvc - ok 00:03:31.0329 0x04c0 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 00:03:31.0329 0x04c0 pci - ok 00:03:31.0375 0x04c0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 00:03:31.0391 0x04c0 pciide - ok 00:03:31.0407 0x04c0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:03:31.0422 0x04c0 pcmcia - ok 00:03:31.0438 0x04c0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 00:03:31.0453 0x04c0 pcw - ok 00:03:31.0469 0x04c0 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:03:31.0547 0x04c0 PEAUTH - ok 00:03:31.0625 0x04c0 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 00:03:31.0687 0x04c0 PeerDistSvc - ok 00:03:31.0750 0x04c0 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 00:03:31.0781 0x04c0 PerfHost - ok 00:03:31.0859 0x04c0 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 00:03:31.0953 0x04c0 pla - ok 00:03:31.0999 0x04c0 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:03:32.0046 0x04c0 PlugPlay - ok 00:03:32.0077 0x04c0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg 
C:\Windows\system32\pnrpauto.dll 00:03:32.0093 0x04c0 PNRPAutoReg - ok 00:03:32.0124 0x04c0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:03:32.0140 0x04c0 PNRPsvc - ok 00:03:32.0187 0x04c0 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:03:32.0249 0x04c0 PolicyAgent - ok 00:03:32.0280 0x04c0 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 00:03:32.0327 0x04c0 Power - ok 00:03:32.0358 0x04c0 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:03:32.0405 0x04c0 PptpMiniport - ok 00:03:32.0436 0x04c0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 00:03:32.0452 0x04c0 Processor - ok 00:03:32.0499 0x04c0 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll 00:03:32.0545 0x04c0 ProfSvc - ok 00:03:32.0561 0x04c0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe 00:03:32.0577 0x04c0 ProtectedStorage - ok 00:03:32.0623 0x04c0 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:03:32.0670 0x04c0 Psched - ok 00:03:32.0717 0x04c0 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 00:03:32.0779 0x04c0 ql2300 - ok 00:03:32.0795 0x04c0 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, 
FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 00:03:32.0826 0x04c0 ql40xx - ok 00:03:32.0873 0x04c0 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 00:03:32.0904 0x04c0 QWAVE - ok 00:03:32.0920 0x04c0 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:03:32.0951 0x04c0 QWAVEdrv - ok 00:03:32.0967 0x04c0 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:03:32.0998 0x04c0 RasAcd - ok 00:03:33.0014 0x04c0 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:03:33.0060 0x04c0 RasAgileVpn - ok 00:03:33.0076 0x04c0 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 00:03:33.0123 0x04c0 RasAuto - ok 00:03:33.0154 0x04c0 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:03:33.0185 0x04c0 Rasl2tp - ok 00:03:33.0232 0x04c0 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 00:03:33.0279 0x04c0 RasMan - ok 00:03:33.0294 0x04c0 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:03:33.0341 0x04c0 RasPppoe - ok 00:03:33.0372 0x04c0 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:03:33.0419 0x04c0 RasSstp - ok 00:03:33.0450 
0x04c0 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:03:33.0513 0x04c0 rdbss - ok 00:03:33.0528 0x04c0 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:03:33.0528 0x04c0 rdpbus - ok 00:03:33.0544 0x04c0 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:03:33.0591 0x04c0 RDPCDD - ok 00:03:33.0622 0x04c0 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 00:03:33.0638 0x04c0 RDPDR - ok 00:03:33.0653 0x04c0 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:03:33.0700 0x04c0 RDPENCDD - ok 00:03:33.0716 0x04c0 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:03:33.0747 0x04c0 RDPREFMP - ok 00:03:33.0778 0x04c0 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:03:33.0809 0x04c0 RDPWD - ok 00:03:33.0872 0x04c0 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:03:33.0887 0x04c0 rdyboost - ok 00:03:33.0903 0x04c0 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:03:33.0934 0x04c0 RemoteAccess - ok 00:03:33.0965 0x04c0 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 
00:03:34.0012 0x04c0 RemoteRegistry - ok 00:03:34.0059 0x04c0 [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 00:03:34.0074 0x04c0 RimUsb - ok 00:03:34.0106 0x04c0 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:03:34.0152 0x04c0 RpcEptMapper - ok 00:03:34.0184 0x04c0 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 00:03:34.0215 0x04c0 RpcLocator - ok 00:03:34.0262 0x04c0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 00:03:34.0308 0x04c0 RpcSs - ok 00:03:34.0340 0x04c0 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:03:34.0386 0x04c0 rspndr - ok 00:03:34.0433 0x04c0 [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 00:03:34.0449 0x04c0 RTL8167 - ok 00:03:34.0480 0x04c0 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 00:03:34.0496 0x04c0 s3cap - ok 00:03:34.0511 0x04c0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe 00:03:34.0527 0x04c0 SamSs - ok 00:03:34.0558 0x04c0 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:03:34.0574 0x04c0 sbp2port - ok 00:03:34.0605 0x04c0 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] 
SCardSvr C:\Windows\System32\SCardSvr.dll 00:03:34.0652 0x04c0 SCardSvr - ok 00:03:34.0683 0x04c0 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:03:34.0730 0x04c0 scfilter - ok 00:03:34.0776 0x04c0 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 00:03:34.0839 0x04c0 Schedule - ok 00:03:34.0870 0x04c0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 00:03:34.0901 0x04c0 SCPolicySvc - ok 00:03:34.0948 0x04c0 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:03:34.0964 0x04c0 SDRSVC - ok 00:03:34.0995 0x04c0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:03:35.0042 0x04c0 secdrv - ok 00:03:35.0073 0x04c0 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 00:03:35.0104 0x04c0 seclogon - ok 00:03:35.0120 0x04c0 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll 00:03:35.0166 0x04c0 SENS - ok 00:03:35.0182 0x04c0 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:03:35.0213 0x04c0 SensrSvc - ok 00:03:35.0260 0x04c0 [ 255476B54C82A89416EFDF09FD62F107, 000A6F7F15177A08ED4E22DB1C06F9FF0F8D324541A3E7AF7F35123D9CA4122D ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys 00:03:35.0775 0x04c0 Sentinel64 - ok 00:03:35.0853 0x04c0 [ D1A2BA8BF092DDF18F3D3DB1D5AC7803, 
EE1B349DD8D5C00B4E13F9F71BFDBA73A4870C6BC90F1845D2AEAD8EFEE02322 ] SentinelProtectionServer C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 00:03:35.0884 0x04c0 SentinelProtectionServer - ok 00:03:35.0915 0x04c0 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:03:35.0915 0x04c0 Serenum - ok 00:03:35.0946 0x04c0 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:03:35.0978 0x04c0 Serial - ok 00:03:35.0993 0x04c0 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 00:03:35.0993 0x04c0 sermouse - ok 00:03:36.0040 0x04c0 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 00:03:36.0071 0x04c0 SessionEnv - ok 00:03:36.0102 0x04c0 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:03:36.0134 0x04c0 sffdisk - ok 00:03:36.0134 0x04c0 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:03:36.0149 0x04c0 sffp_mmc - ok 00:03:36.0165 0x04c0 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:03:36.0180 0x04c0 sffp_sd - ok 00:03:36.0180 0x04c0 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:03:36.0212 0x04c0 sfloppy - ok 00:03:36.0243 0x04c0 [ B95F6501A2F8B2E78C697FEC401970CE, 
758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:03:36.0290 0x04c0 SharedAccess - ok 00:03:36.0336 0x04c0 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:03:36.0414 0x04c0 ShellHWDetection - ok 00:03:36.0446 0x04c0 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:03:36.0446 0x04c0 SiSRaid2 - ok 00:03:36.0461 0x04c0 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 00:03:36.0477 0x04c0 SiSRaid4 - ok 00:03:36.0508 0x04c0 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:03:36.0555 0x04c0 Smb - ok 00:03:36.0586 0x04c0 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:03:36.0602 0x04c0 SNMPTRAP - ok 00:03:36.0617 0x04c0 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 00:03:36.0633 0x04c0 spldr - ok 00:03:36.0680 0x04c0 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 00:03:36.0726 0x04c0 Spooler - ok 00:03:36.0851 0x04c0 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 00:03:37.0023 0x04c0 sppsvc - ok 00:03:37.0038 0x04c0 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:03:37.0085 0x04c0 sppuinotify - ok 00:03:37.0116 
0x04c0 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 00:03:37.0148 0x04c0 srv - ok 00:03:37.0179 0x04c0 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:03:37.0226 0x04c0 srv2 - ok 00:03:37.0257 0x04c0 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:03:37.0272 0x04c0 srvnet - ok 00:03:37.0304 0x04c0 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:03:37.0350 0x04c0 SSDPSRV - ok 00:03:37.0366 0x04c0 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:03:37.0397 0x04c0 SstpSvc - ok 00:03:37.0475 0x04c0 [ 5A19667A580B1CE886EAF968B9743F45, 0A9EBE4057A0A6EF4732623794C2416A6BD8B87356DA46652BD92762505F57C7 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 00:03:37.0491 0x04c0 Stereo Service - ok 00:03:37.0522 0x04c0 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 00:03:37.0538 0x04c0 stexstor - ok 00:03:37.0600 0x04c0 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 00:03:37.0647 0x04c0 stisvc - ok 00:03:37.0678 0x04c0 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 00:03:37.0694 0x04c0 storflt - ok 00:03:37.0709 0x04c0 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc 
C:\Windows\system32\storsvc.dll 00:03:37.0740 0x04c0 StorSvc - ok 00:03:37.0740 0x04c0 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 00:03:37.0756 0x04c0 storvsc - ok 00:03:37.0772 0x04c0 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 00:03:37.0772 0x04c0 swenum - ok 00:03:37.0818 0x04c0 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 00:03:37.0881 0x04c0 swprv - ok 00:03:37.0959 0x04c0 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 00:03:38.0052 0x04c0 SysMain - ok 00:03:38.0084 0x04c0 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:03:38.0099 0x04c0 TabletInputService - ok 00:03:38.0115 0x04c0 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 00:03:38.0177 0x04c0 TapiSrv - ok 00:03:38.0193 0x04c0 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 00:03:38.0224 0x04c0 TBS - ok 00:03:38.0318 0x04c0 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:03:38.0364 0x04c0 Tcpip - ok 00:03:38.0427 0x04c0 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:03:38.0474 0x04c0 TCPIP6 - ok 00:03:38.0505 0x04c0 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] 
tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:03:38.0536 0x04c0 tcpipreg - ok 00:03:38.0567 0x04c0 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:03:38.0598 0x04c0 TDPIPE - ok 00:03:38.0630 0x04c0 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:03:38.0661 0x04c0 TDTCP - ok 00:03:38.0676 0x04c0 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:03:38.0723 0x04c0 tdx - ok 00:03:38.0754 0x04c0 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 00:03:38.0770 0x04c0 TermDD - ok 00:03:38.0801 0x04c0 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll 00:03:38.0848 0x04c0 TermService - ok 00:03:38.0879 0x04c0 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 00:03:38.0895 0x04c0 Themes - ok 00:03:38.0910 0x04c0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 00:03:38.0942 0x04c0 THREADORDER - ok 00:03:38.0957 0x04c0 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 00:03:39.0004 0x04c0 TrkWks - ok 00:03:39.0066 0x04c0 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:03:39.0113 0x04c0 TrustedInstaller - ok 00:03:39.0144 0x04c0 [ 4CE278FC9671BA81A138D70823FCAA09, 
00:03:47.0288 0x04c0 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
00:03:47.0303 0x04c0 Win FW state via NFP2: enabled
00:03:50.0033 0x04c0 ============================================================
00:03:50.0033 0x04c0 Scan finished
00:03:50.0033 0x04c0 ============================================================
00:03:50.0033 0x0c50 Detected object count: 0
00:03:50.0033 0x0c50 Actual detected object count: 0 |
12.12.2013, 00:28 | #40 |
| Reveton Trojan not completely removed
I downloaded FRST64 again, but it doesn't look any different (I think. Despite my considerable number of posts in this forum, I have no clue whatsoever). FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2013
Ran by CADCAM (administrator) on WENDELIN on 12-12-2013 00:12:52
Running from C:\Users\CADCAM\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
2013-11-22 22:07 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-22 22:07 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-22 22:07 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-22 22:07 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-22 22:07 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-22 22:07 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-22 22:07 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-22 22:07 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-22 22:07 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-22 22:07 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-22 22:07 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-22 22:07 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-22 22:07 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-22 22:07 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-22 22:07 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-22 22:07 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-22 22:07 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-11-22 22:07 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-11-22 22:07 - 
2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-11-22 22:07 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-11-22 22:07 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-11-22 22:07 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-11-22 22:07 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-11-22 22:07 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-11-22 22:07 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-11-22 22:07 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-11-22 22:07 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-11-22 22:07 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-11-22 22:07 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-11-22 22:07 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-11-22 22:07 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-11-22 22:07 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-11-22 22:07 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-11-22 22:07 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-11-22 22:07 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-11-22 22:07 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-11-22 22:07 - 2013-08-01 13:09 - 00983488 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-11-22 22:07 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-11-22 22:07 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-11-22 22:07 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-11-22 22:07 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-11-22 22:07 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-11-22 22:07 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-11-22 22:07 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-22 22:07 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-11-22 22:07 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-11-22 22:07 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-11-22 22:07 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-11-22 22:07 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-11-22 22:07 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-11-22 22:07 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-11-22 22:07 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-11-22 22:07 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-11-22 22:07 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) 
C:\Windows\system32\dciman32.dll 2013-11-22 22:07 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-11-22 22:07 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-11-22 22:07 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-11-22 22:07 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-11-22 22:07 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-11-22 22:07 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-11-22 22:07 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-11-22 22:07 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-11-22 22:07 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-11-22 22:04 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-22 22:04 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-22 22:04 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-22 22:04 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-22 22:04 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-22 22:04 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-11-22 22:04 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-11-17 18:50 - 2013-11-17 18:50 - 00000000 ____D C:\Users\CADCAM\Documents\Adobe 2013-11-17 01:47 - 2013-11-17 01:47 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-WENDELIN-CADCAM 2013-11-17 01:46 - 
2013-11-17 01:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-11-17 01:46 - 2013-11-17 01:46 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\PDAppFlex 2013-11-17 01:30 - 2013-11-17 01:30 - 00000000 ____D C:\Program Files\Adobe 2013-11-17 01:28 - 2013-11-17 01:31 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-17 01:17 - 2013-11-17 01:17 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk ==================== One Month Modified Files and Folders ======= 2013-12-12 00:13 - 2013-12-12 00:12 - 00006668 _____ C:\Users\CADCAM\Desktop\FRST.txt 2013-12-12 00:12 - 2013-12-12 00:12 - 01926944 _____ (Farbar) C:\Users\CADCAM\Desktop\FRST64.exe 2013-12-12 00:11 - 2013-12-12 00:11 - 01926944 _____ (Farbar) C:\Users\CADCAM\Desktop\FRST64.exe.5oydmoz.partial 2013-12-11 23:59 - 2009-07-14 05:45 - 00018672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-11 23:59 - 2009-07-14 05:45 - 00018672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-11 23:58 - 2012-07-22 18:13 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-11 23:55 - 2013-12-11 23:55 - 00028640 _____ C:\ComboFix.txt 2013-12-11 23:55 - 2013-12-08 21:07 - 00000000 ____D C:\Qoobox 2013-12-11 23:55 - 2010-01-14 16:02 - 01135434 _____ C:\Windows\WindowsUpdate.log 2013-12-11 23:51 - 2012-07-22 18:13 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-11 23:51 - 2010-01-14 17:37 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-11 23:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-11 23:51 - 2009-07-14 05:51 - 00092756 _____ C:\Windows\setupact.log 2013-12-11 23:51 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-12-11 23:50 - 2010-01-14 17:40 - 00136438 _____ C:\Windows\PFRO.log 2013-12-11 23:34 - 2012-07-22 18:19 - 00000000 ___RD C:\Users\CADCAM\Google Drive 2013-12-11 23:34 - 
2011-10-27 22:13 - 00000000 ___RD C:\Users\CADCAM\Dropbox 2013-12-11 23:34 - 2011-10-27 22:08 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Dropbox 2013-12-11 23:25 - 2013-12-06 22:27 - 00000000 ____D C:\FRST 2013-12-11 23:24 - 2013-01-19 13:38 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\vlc 2013-12-11 23:21 - 2013-12-11 22:54 - 273372447 _____ C:\Users\CADCAM\Downloads\ava.14.10.13.mov 2013-12-11 20:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-11 02:03 - 2013-12-11 01:59 - 376661969 _____ C:\Users\CADCAM\Downloads\andyvf_chastity.wmv 2013-12-11 02:00 - 2010-01-15 13:47 - 00000000 ____D C:\Users\CADCAM\AppData\Local\Adobe 2013-12-11 01:39 - 2013-12-11 01:39 - 233197627 _____ C:\Users\CADCAM\Downloads\JeanettaJoy_XXC2.mp4 2013-12-11 01:14 - 2012-04-06 03:29 - 00023552 _____ C:\Users\CADCAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-11 00:28 - 2009-07-14 18:58 - 00699432 _____ C:\Windows\system32\perfh007.dat 2013-12-11 00:28 - 2009-07-14 18:58 - 00149572 _____ C:\Windows\system32\perfc007.dat 2013-12-11 00:28 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-11 00:02 - 2013-12-08 20:59 - 05153140 ____R (Swearware) C:\Users\CADCAM\Desktop\ComboFix.exe 2013-12-10 19:26 - 2010-01-14 16:06 - 00000000 ___RD C:\Users\CADCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-10 01:23 - 2013-12-10 01:23 - 00000626 _____ C:\Users\CADCAM\Desktop\JRT.txt 2013-12-09 00:30 - 2013-12-09 00:30 - 02347384 _____ (ESET) C:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe 2013-12-08 23:29 - 2013-12-08 22:39 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-08 22:48 - 2013-12-08 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-08 22:48 - 2013-12-08 22:39 - 00000000 ____D C:\Users\CADCAM\Desktop\mbar 2013-12-08 22:35 - 2013-12-08 22:35 - 12582688 _____ (Malwarebytes Corp.) 
C:\Users\CADCAM\Desktop\mbar-1.07.0.1008.exe 2013-12-08 21:23 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-12-08 21:21 - 2013-12-08 21:06 - 00000000 ____D C:\Windows\erdnt 2013-12-07 21:58 - 2013-12-07 21:58 - 00000000 ____D C:\Windows\ERUNT 2013-12-07 21:52 - 2013-12-07 21:52 - 01034531 _____ (Thisisu) C:\Users\CADCAM\Desktop\JRT.exe 2013-12-06 22:17 - 2011-08-07 20:06 - 01586676 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-06 21:10 - 2013-12-06 21:06 - 00000000 ____D C:\AdwCleaner 2013-12-05 22:53 - 2012-07-22 18:13 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-05 22:53 - 2012-07-22 18:13 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-03 20:15 - 2013-12-03 20:15 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-02 13:08 - 2013-12-03 20:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\CADCAM\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-02 13:06 - 2013-12-03 20:13 - 01110034 _____ C:\Users\CADCAM\Desktop\adwcleaner.exe 2013-12-02 13:05 - 2013-12-03 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\CADCAM\Desktop\OTL.exe 2013-12-02 00:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-01 23:01 - 2013-12-01 22:56 - 00000000 ____D C:\Windows\CD09642E061D4844BA37ED1480916404.TMP 2013-12-01 20:27 - 2012-05-23 20:48 - 00007640 _____ C:\Users\CADCAM\AppData\Local\Resmon.ResmonCfg 2013-12-01 16:53 - 2010-01-14 16:06 - 00001430 _____ C:\Users\CADCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-01 16:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-12-01 16:50 - 2013-12-01 16:35 - 00023377 _____ 
C:\Windows\IE11_main.log 2013-12-01 16:37 - 2013-12-01 16:37 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 
2013-12-01 16:37 - 2013-12-01 16:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-01 
16:37 - 2013-12-01 16:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00164864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00084992 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-23 23:28 - 2011-11-07 23:24 
- 00000069 _____ C:\Windows\NeroDigital.ini 2013-11-22 22:26 - 2012-08-08 20:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-22 22:26 - 2012-08-08 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-11-22 22:26 - 2009-07-14 05:45 - 04939000 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-22 22:20 - 2011-08-07 20:06 - 00001912 _____ C:\Windows\epplauncher.mif 2013-11-22 22:20 - 2011-08-07 20:05 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-22 22:20 - 2011-08-07 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-22 22:14 - 2013-09-15 11:32 - 00000000 ____D C:\Windows\system32\MRT 2013-11-19 11:21 - 2010-01-15 15:03 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-18 22:29 - 2010-01-15 13:47 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Adobe 2013-11-18 09:28 - 2013-12-12 00:01 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\CADCAM\Desktop\TDSSKiller.exe 2013-11-17 18:50 - 2013-11-17 18:50 - 00000000 ____D C:\Users\CADCAM\Documents\Adobe 2013-11-17 11:20 - 2012-12-30 10:28 - 00000000 ____D C:\Users\CADCAM\.gimp-2.8 2013-11-17 01:47 - 2013-11-17 01:47 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-WENDELIN-CADCAM 2013-11-17 01:47 - 2013-11-17 01:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-11-17 01:47 - 2012-12-30 22:35 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\NVIDIA 2013-11-17 01:46 - 2013-11-17 01:46 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\PDAppFlex 2013-11-17 01:35 - 2010-01-14 17:41 - 00058408 _____ C:\Users\CADCAM\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-17 01:31 - 2013-11-17 01:28 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-17 01:30 - 2013-11-17 01:30 - 00000000 ____D C:\Program Files\Adobe 2013-11-17 01:30 - 2010-01-15 13:47 - 00000000 ____D C:\ProgramData\Adobe 2013-11-17 01:29 - 2010-01-15 13:47 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-17 01:17 - 
2013-11-17 01:17 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
LastRegBack: 2013-12-10 18:44
==================== End Of Log ============================
--- --- ---
and Addition: Code:
ATTFilter
==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 8191.18 MB
Available physical RAM: 6443.1 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 14634.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (HD_System) (Fixed) (Total:195.32 GB) (Free:34.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HD_Backup) (Fixed) (Total:234.33 GB) (Free:1.23 GB) NTFS
Drive f: (HD2_1) (Fixed) (Total:100.01 GB) (Free:3.78 GB) NTFS
Drive g: (HD2_3) (Fixed) (Total:229.64 GB) (Free:2.93 GB) NTFS
Drive h: (HD2_2) (Fixed) (Total:100 GB) (Free:17.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 93B45C35)
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8E530E68)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266 GB) - (Type=OF Extended)
==================== End Of Log ============================
Well then... |
12.12.2013, 00:31 | #41 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Reveton Trojan not completely removed Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
start
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
12.12.2013, 00:51 | #42 |
| Reveton Trojan not completely removed Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2013
Ran by CADCAM at 2013-12-12 00:49:47 Run:2
Running from C:\Users\CADCAM\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
end
*****************
Der Vorgang wurde erfolgreich beendet.
==== End of Fixlog ==== |
12.12.2013, 14:32 | #43 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Reveton Trojan not completely removed OK... run TFC: TFC - Temp File Cleaner Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
Then try FRST again (new version):
Download FRST again to the desktop
Tick the box for additions.txt
Click Scan
Post both new logs
__________________ Please always post log files in CODE tags |
12.12.2013, 22:25 | #44 |
| Reveton Trojan not completely removed Okay, I ran TFC. Downloaded and ran the new FRST64. Here are the logs. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013 02 Ran by CADCAM (administrator) on WENDELIN on 12-12-2013 22:05:43 Running from C:\Users\CADCAM\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7714336 2009-04-14] (Realtek Semiconductor) HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-04-14] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKCU\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated) Startup: C:\Users\CADCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\CADCAM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x411194B52355CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 ==================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG) R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1246496 2009-09-17] (SafeNet, Inc) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; 
C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 OxPCIeSer; C:\Windows\System32\DRIVERS\OxPCIeSer.sys [101672 2008-01-16] (OEM) S3 OxPCIeSerMf; C:\Windows\System32\DRIVERS\OxPCIeMf.sys [31016 2008-01-16] (OEM) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 MSICDSetup; \??\E:\CDriver64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-12 22:05 - 2013-12-12 22:05 - 00006410 _____ C:\Users\CADCAM\Desktop\FRST.txt 2013-12-12 22:04 - 2013-12-12 22:04 - 01927290 _____ (Farbar) C:\Users\CADCAM\Desktop\FRST64.exe 2013-12-12 22:00 - 2013-12-12 22:00 - 00448512 _____ (OldTimer Tools) C:\Users\CADCAM\Desktop\TFC.exe 2013-12-12 01:33 - 2013-12-12 01:33 - 00000032 _____ C:\ProgramData\Temp.log 2013-12-12 01:27 - 2013-12-12 01:27 - 00003124 _____ C:\Windows\System32\Tasks\{64C6D647-E5AD-4FDB-934B-9A8A5CE33F12} 2013-12-12 00:01 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\CADCAM\Desktop\TDSSKiller.exe 2013-12-11 23:55 - 2013-12-11 23:55 - 00028640 _____ C:\ComboFix.txt 2013-12-11 22:54 - 2013-12-11 23:21 - 273372447 _____ C:\Users\CADCAM\Downloads\ava.14.10.13.mov 2013-12-11 01:59 - 2013-12-11 02:03 - 376661969 _____ C:\Users\CADCAM\Downloads\andyvf_chastity.wmv 2013-12-11 01:39 - 2013-12-11 01:39 - 233197627 _____ C:\Users\CADCAM\Downloads\JeanettaJoy_XXC2.mp4 2013-12-08 22:40 - 2013-12-08 22:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-08 22:39 - 2013-12-08 23:29 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-08 22:39 - 2013-12-08 22:48 - 00000000 
____D C:\Users\CADCAM\Desktop\mbar 2013-12-08 22:35 - 2013-12-08 22:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\CADCAM\Desktop\mbar-1.07.0.1008.exe 2013-12-08 21:08 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-08 21:08 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-08 21:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-08 21:08 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-08 21:07 - 2013-12-11 23:55 - 00000000 ____D C:\Qoobox 2013-12-08 21:06 - 2013-12-08 21:21 - 00000000 ____D C:\Windows\erdnt 2013-12-08 20:59 - 2013-12-11 00:02 - 05153140 ____R (Swearware) C:\Users\CADCAM\Desktop\ComboFix.exe 2013-12-07 21:58 - 2013-12-07 21:58 - 00000000 ____D C:\Windows\ERUNT 2013-12-07 21:52 - 2013-12-07 21:52 - 01034531 _____ (Thisisu) C:\Users\CADCAM\Desktop\JRT.exe 2013-12-06 22:27 - 2013-12-11 23:25 - 00000000 ____D C:\FRST 2013-12-06 21:06 - 2013-12-06 21:10 - 00000000 ____D C:\AdwCleaner 2013-12-03 20:15 - 2013-12-03 20:15 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-03 20:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-03 20:13 - 2013-12-02 13:06 - 01110034 _____ C:\Users\CADCAM\Desktop\adwcleaner.exe 2013-12-03 20:13 - 2013-12-02 13:05 - 00602112 _____ (OldTimer Tools) 
C:\Users\CADCAM\Desktop\OTL.exe 2013-12-01 16:40 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-12-01 16:37 - 2013-12-01 16:37 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 
2013-12-01 16:37 - 2013-12-01 16:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 
2013-12-01 16:37 - 2013-12-01 16:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00167424 
_____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ 
(Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00051200 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 
00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-01 16:35 - 2013-12-01 16:50 - 00023377 _____ C:\Windows\IE11_main.log 2013-11-24 21:37 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-11-24 21:37 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-11-22 22:07 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-22 22:07 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-22 22:07 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-22 22:07 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-22 22:07 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-22 22:07 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-22 22:07 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-22 22:07 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-22 22:07 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-22 
22:07 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-22 22:07 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-22 22:07 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-22 22:07 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-22 22:07 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-22 22:07 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-22 22:07 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-22 22:07 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-22 22:07 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-22 22:07 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-22 22:07 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-22 22:07 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-22 22:07 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-22 22:07 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-22 22:07 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-22 22:07 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-11-22 22:07 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-11-22 22:07 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-11-22 22:07 - 
2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-11-22 22:07 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-11-22 22:07 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-11-22 22:07 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-11-22 22:07 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-11-22 22:07 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-11-22 22:07 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-11-22 22:07 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-11-22 22:07 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-11-22 22:07 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-11-22 22:07 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-11-22 22:07 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-11-22 22:07 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-11-22 22:07 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-11-22 22:07 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-11-22 22:07 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-11-22 22:07 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-11-22 22:07 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-11-22 22:07 - 2013-07-20 11:33 - 00124112 _____ 
(Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-11-22 22:07 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-11-22 22:07 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-11-22 22:07 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-11-22 22:07 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-11-22 22:07 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-11-22 22:07 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-22 22:07 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-11-22 22:07 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-11-22 22:07 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-11-22 22:07 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-11-22 22:07 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-11-22 22:07 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-11-22 22:07 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-11-22 22:07 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-11-22 22:07 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-11-22 22:07 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-11-22 22:07 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) 
C:\Windows\system32\atmlib.dll 2013-11-22 22:07 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-11-22 22:07 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-11-22 22:07 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-11-22 22:07 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-11-22 22:07 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-11-22 22:07 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-11-22 22:07 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-11-22 22:07 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-11-22 22:04 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-22 22:04 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-22 22:04 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-22 22:04 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-22 22:04 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-22 22:04 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-11-22 22:04 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-11-17 18:50 - 2013-11-17 18:50 - 00000000 ____D C:\Users\CADCAM\Documents\Adobe 2013-11-17 01:47 - 2013-11-17 01:47 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-WENDELIN-CADCAM 2013-11-17 01:46 - 2013-11-17 01:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-11-17 01:46 - 2013-11-17 01:46 - 
00000000 ____D C:\Users\CADCAM\AppData\Roaming\PDAppFlex 2013-11-17 01:30 - 2013-11-17 01:30 - 00000000 ____D C:\Program Files\Adobe 2013-11-17 01:28 - 2013-11-17 01:31 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-17 01:17 - 2013-11-17 01:17 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk ==================== One Month Modified Files and Folders ======= 2013-12-12 22:05 - 2013-12-12 22:05 - 00006410 _____ C:\Users\CADCAM\Desktop\FRST.txt 2013-12-12 22:04 - 2013-12-12 22:04 - 01927290 _____ (Farbar) C:\Users\CADCAM\Desktop\FRST64.exe 2013-12-12 22:01 - 2010-01-15 13:47 - 00000000 ____D C:\Users\CADCAM\AppData\Local\Adobe 2013-12-12 22:00 - 2013-12-12 22:00 - 00448512 _____ (OldTimer Tools) C:\Users\CADCAM\Desktop\TFC.exe 2013-12-12 21:58 - 2012-07-22 18:13 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-12 21:58 - 2009-07-14 05:45 - 00018672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-12 21:58 - 2009-07-14 05:45 - 00018672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-12 21:56 - 2010-01-14 16:02 - 01159233 _____ C:\Windows\WindowsUpdate.log 2013-12-12 21:52 - 2011-10-27 22:08 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Dropbox 2013-12-12 21:51 - 2012-07-22 18:13 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-12 21:51 - 2011-10-27 22:13 - 00000000 ___RD C:\Users\CADCAM\Dropbox 2013-12-12 21:51 - 2010-01-14 17:37 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-12 21:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-12 21:51 - 2009-07-14 05:51 - 00092812 _____ C:\Windows\setupact.log 2013-12-12 01:37 - 2012-06-09 17:14 - 00000000 ____D C:\Windows\Lhsp 2013-12-12 01:36 - 2012-05-23 19:12 - 00000000 ____D C:\Program Files (x86)\XMedia Recode 2013-12-12 01:36 - 2011-08-07 17:21 - 00000000 ____D C:\Windows\system32\appmgmt 
2013-12-12 01:35 - 2011-10-08 18:53 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Real 2013-12-12 01:35 - 2011-10-08 18:53 - 00000000 ____D C:\Program Files (x86)\Real 2013-12-12 01:33 - 2013-12-12 01:33 - 00000032 _____ C:\ProgramData\Temp.log 2013-12-12 01:33 - 2013-06-09 18:56 - 00000000 ____D C:\ProgramData\CLSK 2013-12-12 01:33 - 2010-01-14 17:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-12 01:29 - 2012-07-22 18:13 - 00000000 ____D C:\Users\CADCAM\AppData\Local\Google 2013-12-12 01:29 - 2012-07-22 18:13 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-12 01:27 - 2013-12-12 01:27 - 00003124 _____ C:\Windows\System32\Tasks\{64C6D647-E5AD-4FDB-934B-9A8A5CE33F12} 2013-12-12 01:27 - 2012-12-29 15:12 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-12-12 00:31 - 2013-01-19 13:38 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\vlc 2013-12-11 23:55 - 2013-12-11 23:55 - 00028640 _____ C:\ComboFix.txt 2013-12-11 23:55 - 2013-12-08 21:07 - 00000000 ____D C:\Qoobox 2013-12-11 23:51 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-12-11 23:50 - 2010-01-14 17:40 - 00136438 _____ C:\Windows\PFRO.log 2013-12-11 23:34 - 2012-07-22 18:19 - 00000000 ___RD C:\Users\CADCAM\Google Drive 2013-12-11 23:25 - 2013-12-06 22:27 - 00000000 ____D C:\FRST 2013-12-11 23:21 - 2013-12-11 22:54 - 273372447 _____ C:\Users\CADCAM\Downloads\ava.14.10.13.mov 2013-12-11 20:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-11 02:03 - 2013-12-11 01:59 - 376661969 _____ C:\Users\CADCAM\Downloads\andyvf_chastity.wmv 2013-12-11 01:39 - 2013-12-11 01:39 - 233197627 _____ C:\Users\CADCAM\Downloads\JeanettaJoy_XXC2.mp4 2013-12-11 01:14 - 2012-04-06 03:29 - 00023552 _____ C:\Users\CADCAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-11 00:28 - 2009-07-14 18:58 - 00699432 _____ C:\Windows\system32\perfh007.dat 2013-12-11 00:28 - 2009-07-14 18:58 - 00149572 _____ C:\Windows\system32\perfc007.dat 
2013-12-11 00:28 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-11 00:02 - 2013-12-08 20:59 - 05153140 ____R (Swearware) C:\Users\CADCAM\Desktop\ComboFix.exe 2013-12-10 19:26 - 2010-01-14 16:06 - 00000000 ___RD C:\Users\CADCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-08 23:29 - 2013-12-08 22:39 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-08 22:48 - 2013-12-08 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-08 22:48 - 2013-12-08 22:39 - 00000000 ____D C:\Users\CADCAM\Desktop\mbar 2013-12-08 22:35 - 2013-12-08 22:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\CADCAM\Desktop\mbar-1.07.0.1008.exe 2013-12-08 21:23 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-12-08 21:21 - 2013-12-08 21:06 - 00000000 ____D C:\Windows\erdnt 2013-12-07 21:58 - 2013-12-07 21:58 - 00000000 ____D C:\Windows\ERUNT 2013-12-07 21:52 - 2013-12-07 21:52 - 01034531 _____ (Thisisu) C:\Users\CADCAM\Desktop\JRT.exe 2013-12-06 22:17 - 2011-08-07 20:06 - 01586676 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-06 21:10 - 2013-12-06 21:06 - 00000000 ____D C:\AdwCleaner 2013-12-05 22:53 - 2012-07-22 18:13 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-05 22:53 - 2012-07-22 18:13 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-03 20:15 - 2013-12-03 20:15 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 20:15 - 2013-12-03 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-02 13:06 - 2013-12-03 20:13 - 01110034 _____ C:\Users\CADCAM\Desktop\adwcleaner.exe 2013-12-02 13:05 - 2013-12-03 20:13 - 00602112 _____ (OldTimer Tools) 
C:\Users\CADCAM\Desktop\OTL.exe 2013-12-02 00:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-01 20:27 - 2012-05-23 20:48 - 00007640 _____ C:\Users\CADCAM\AppData\Local\Resmon.ResmonCfg 2013-12-01 16:53 - 2010-01-14 16:06 - 00001430 _____ C:\Users\CADCAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-01 16:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-12-01 16:50 - 2013-12-01 16:35 - 00023377 _____ C:\Windows\IE11_main.log 2013-12-01 16:37 - 2013-12-01 16:37 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-01 16:37 - 2013-12-01 16:37 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-01 16:37 - 2013-12-01 16:37 - 01818112 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-01 16:37 - 2013-12-01 16:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00548352 _____ (Microsoft 
Corporation) C:\Windows\system32\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-12-01 16:37 - 2013-12-01 16:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 
2013-12-01 16:37 - 2013-12-01 16:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-01 16:37 - 
2013-12-01 16:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-12-01 16:37 - 2013-12-01 16:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-12-01 16:37 - 
2013-12-01 16:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-12-01 16:37 - 2013-12-01 16:37 - 00013824 _____ (Microsoft Corporation) 
C:\Windows\system32\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-12-01 16:37 - 2013-12-01 16:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-23 23:28 - 2011-11-07 23:24 - 00000069 _____ C:\Windows\NeroDigital.ini 2013-11-22 22:26 - 2012-08-08 20:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-22 22:26 - 2012-08-08 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-11-22 22:26 - 2009-07-14 05:45 - 04939000 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-22 22:20 - 2011-08-07 20:06 - 00001912 _____ C:\Windows\epplauncher.mif 2013-11-22 22:20 - 2011-08-07 20:05 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-22 22:20 - 2011-08-07 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-22 22:14 - 2013-09-15 11:32 - 00000000 ____D C:\Windows\system32\MRT 2013-11-19 11:21 - 2010-01-15 15:03 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-11-18 22:29 - 2010-01-15 13:47 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\Adobe 2013-11-18 09:28 - 2013-12-12 00:01 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\CADCAM\Desktop\TDSSKiller.exe 2013-11-17 18:50 - 2013-11-17 18:50 - 00000000 ____D C:\Users\CADCAM\Documents\Adobe 2013-11-17 11:20 - 2012-12-30 10:28 - 00000000 ____D C:\Users\CADCAM\.gimp-2.8 2013-11-17 01:47 - 2013-11-17 01:47 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-WENDELIN-CADCAM 2013-11-17 01:47 - 2013-11-17 01:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-11-17 01:47 - 2012-12-30 22:35 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\NVIDIA 2013-11-17 01:46 - 2013-11-17 
01:46 - 00000000 ____D C:\Users\CADCAM\AppData\Roaming\PDAppFlex
2013-11-17 01:35 - 2010-01-14 17:41 - 00058408 _____ C:\Users\CADCAM\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-17 01:31 - 2013-11-17 01:28 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-17 01:30 - 2013-11-17 01:30 - 00000000 ____D C:\Program Files\Adobe
2013-11-17 01:30 - 2010-01-15 13:47 - 00000000 ____D C:\ProgramData\Adobe
2013-11-17 01:29 - 2010-01-15 13:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-17 01:17 - 2013-11-17 01:17 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-10 18:44
==================== End Of Log ============================

and Addition:

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-12-2013 02 Ran by CADCAM at 2013-12-12 22:06:13 Running from C:\Users\CADCAM\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Creative Cloud (x32 Version: 2.2.1.260) Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146) Adobe Photoshop CC (x32 Version: 14.0) Adobe Reader 8.1.2 - Deutsch (x32 Version: 8.1.2) Camtasia Studio 7 (x32 Version: 7.0.1) Dropbox (HKCU Version: 2.0.22) Free Audio CD to MP3 Converter version 1.3.12.1228 (x32 Version: 1.3.12.1228) Free DVD Video Converter version 2.0.5.508 (x32 Version: 2.0.5.508) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54) Google Update Helper (x32 Version: 1.3.22.3) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938) Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2) Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nero 8 Essentials (x32 Version: 8.3.99) neroxml (x32 Version: 1.0.0) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) PDF Settings CC (x32 Version: 12.0) Pixum Fotobuch (x32 Version: 5.0.1) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5832) VCRedistSetup (x32 Version: 1.0.0) VLC media player 2.0.8 (x32 Version: 2.0.8) Windows Essentials Media Codec Pack 4.0 [64-Bit] (x32 Version: 4.0) Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0) WinRAR 4.01 (64-Bit) (Version: 4.01.0) ==================== Restore Points ========================= 12-12-2013 00:28:45 Removed Google Drive 12-12-2013 00:30:15 Installiert Suite ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-12-11 23:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {06C9B9D7-FF21-4AC7-8167-B6F3A658E783} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-56278748-1824488600-3805507179-1000 => 
C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {43EFC96A-6BD8-4740-952D-1E0A7833AA17} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-56278748-1824488600-3805507179-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {A9266E28-4F71-4998-AFB2-0AFBF41D519B} - System32\Tasks\Windows Codec Update Service => C:\Program Files (x86)\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org) Task: {CF61C7AA-5CCC-4FA5-A707-61CBDAFE3342} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.) Task: {E0754907-60BB-4572-95E3-089C12E5DCFD} - System32\Tasks\AdobeAAMUpdater-1.0-WENDELIN-CADCAM => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-09-25] (Adobe Systems Incorporated) Task: {F78F32FE-ED51-42A6-BDD9-89B55A88EC9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2011-08-18 21:40 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/12/2013 00:11:35 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für 
"C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/12/2013 00:10:22 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (12/11/2013 11:59:13 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/11/2013 09:13:08 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/10/2013 10:42:19 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/10/2013 09:09:26 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/10/2013 09:08:55 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/10/2013 09:08:55 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/10/2013 06:46:15 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (12/12/2013 10:01:00 PM) (Source: Service Control Manager) (User: ) Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (12/12/2013 09:53:23 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (12/12/2013 09:53:23 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (12/12/2013 01:36:13 AM) (Source: DCOM) (User: ) Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB} Error: (12/11/2013 11:53:11 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (12/11/2013 11:53:11 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (12/11/2013 11:49:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (12/11/2013 11:49:24 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (12/11/2013 11:49:24 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (12/11/2013 11:47:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Microsoft Office Sessions: ========================= Error: (12/12/2013 00:11:35 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe Error: (12/12/2013 00:10:22 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe Error: (12/11/2013 11:59:13 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe Error: (12/11/2013 09:13:08 PM) (Source: SideBySide)(User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe Error: (12/10/2013 10:42:19 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (12/10/2013 09:09:26 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe Error: (12/10/2013 09:08:55 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe Error: (12/10/2013 09:08:55 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CADCAM\Desktop\esetsmartinstaller_enu.exe Error: (12/10/2013 06:46:15 PM) (Source: SideBySide)(User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe CodeIntegrity Errors: =================================== Date: 2013-12-11 23:49:24.810 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-11 23:49:24.701 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-11 23:49:24.592 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-11 23:49:24.482 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-11 00:22:08.445 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-11 00:22:08.336 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-11 00:22:08.226 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-11 00:22:08.117 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-08 21:16:38.357 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-08 21:16:38.248 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8191.18 MB
Available physical RAM: 6377.45 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 14498.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HD_System) (Fixed) (Total:195.32 GB) (Free:35.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HD_Backup) (Fixed) (Total:234.33 GB) (Free:1.23 GB) NTFS
Drive f: (HD2_1) (Fixed) (Total:100.01 GB) (Free:3.78 GB) NTFS
Drive g: (HD2_3) (Fixed) (Total:229.64 GB) (Free:2.93 GB) NTFS
Drive h: (HD2_2) (Fixed) (Total:100 GB) (Free:17.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 93B45C35)
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8E530E68)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266 GB) - (Type=OF Extended)

==================== End Of Log ============================ |
13.12.2013, 14:57 | #45 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Reveton trojan not completely removed

Looks OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks or so to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of abusive use (unique recognition, e.g. for targeted advertising or the like => HTTP cookie).

Otherwise there are also good cookie managers; as an extension for Firefox, for example, there is CookieCuller.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now back in order, or are there still other detections or problems?
__________________ Please always post log files in CODE tags |