| |
| |||||||
Log-Analyse und Auswertung: Finanzamt Trojaner rechtzeitig von Sophos geblockt?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.09.2014, 18:59
| #1 |
| |  Finanzamt Trojaner rechtzeitig von Sophos geblockt? Hallo Trojaner-Experten, ich habe die sogenannte Finanzamt-E-Mail bekommen. Dort war die zip-Datei mit angehängt, die ich entpackt habe und (versucht) habe zu öffnen. Versucht deshalb, weil ich kein Word habe, sondern lediglich den Word-Viewer und Open Office und deshalb die Datei nicht zu öffnen war (Fehler: "Makros müssen aktiviert werden"). Kurz darauf kam von Sophos der Hinweis, dass ein Trojaner in die Quarantäne verschoben wurde. Jetzt würde ich gerne wissen, ob mein Computer tatsächlich dem Trojaner entgangen ist (immerhin habe ich schon alles durchgeführt) oder ob ich noch einmal Glück hatte. Leider finde ich in meinem Sophos keine weiteren Informationen mehr über den Trojaner - ich habe aber gemäß Anleitung sämtliche Files erstellt: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:15 on 07/09/2014 (Pippin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Pippin (administrator) on PIP on 07-09-2014 19:25:34
Running from C:\Users\Pippin\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Dropbox, Inc.) C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-242285392-2585440693-653752246-1002\...\Policies\Explorer: [NoDrives] 0x00000000
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218696 2014-07-29] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [222280 2014-07-29] (Sophos Limited)
Startup: C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [215848 2014-04-14] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139048 2014-04-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited)
S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-02-22] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-04-24] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
U0 msahci; No ImagePath
U3 fxloapow; \??\C:\Users\Pippin\AppData\Local\Temp\fxloapow.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 19:24 - 2014-09-07 19:25 - 00009936 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:23 - 2014-09-07 19:25 - 00016775 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:22 - 2014-09-07 19:25 - 00000000 ____D () C:\FRST
2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Pippin\Downloads\FRST64.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-04 20:07 - 2014-09-04 20:10 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417
2014-09-03 21:27 - 2014-09-03 21:27 - 00017309 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-08-27 22:46 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:22 - 2014-08-27 22:51 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-13 09:40 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-13 09:36 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:36 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 09:33 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 09:33 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 09:33 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 09:33 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-13 09:33 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 09:33 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 09:33 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 09:33 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 09:33 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 09:33 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 09:33 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 09:33 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 09:33 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 09:33 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 09:33 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-13 09:33 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 09:33 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 09:33 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 09:33 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 09:31 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 09:31 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 09:31 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 09:31 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 09:31 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 09:31 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-13 09:31 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 09:31 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 09:31 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-13 09:31 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-13 09:31 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-13 09:31 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-13 09:31 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-13 09:31 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-13 09:31 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-13 09:31 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-13 09:31 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-13 09:31 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-13 09:31 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-11 20:41 - 2014-09-04 21:53 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf
2014-08-11 20:41 - 2014-09-04 21:53 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien
2014-08-11 20:41 - 2014-08-11 20:41 - 00143468 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf~
2014-08-10 21:15 - 2014-08-10 21:15 - 00002616 _____ () C:\Windows\PFRO.log
2014-08-09 21:36 - 2014-08-09 21:36 - 00001865 _____ () C:\Users\Pippin\Downloads\URLLink(22).acsm
2014-08-09 21:35 - 2014-08-09 21:35 - 00001797 _____ () C:\Users\Pippin\Downloads\URLLink(21).acsm
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 19:25 - 2014-09-07 19:24 - 00009936 _____ () C:\Users\Pippin\Downloads\Addition.txt
2014-09-07 19:25 - 2014-09-07 19:23 - 00016775 _____ () C:\Users\Pippin\Downloads\FRST.txt
2014-09-07 19:25 - 2014-09-07 19:22 - 00000000 ____D () C:\FRST
2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe
2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Pippin\Downloads\FRST64.exe
2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log
2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable
2014-09-07 19:15 - 2013-02-20 07:06 - 00000000 ____D () C:\Users\Pippin
2014-09-07 19:14 - 2012-11-02 13:43 - 01883270 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe
2014-09-07 19:13 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-07 19:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-07 19:10 - 2013-09-02 19:47 - 00000000 ___RD () C:\Users\Pippin\Dropbox
2014-09-07 19:10 - 2013-09-02 19:43 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Dropbox
2014-09-07 19:10 - 2013-02-20 07:10 - 00000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys
2014-09-04 21:53 - 2014-08-11 20:41 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf
2014-09-04 21:53 - 2014-08-11 20:41 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien
2014-09-04 21:53 - 2013-12-20 18:07 - 00000000 ____D () C:\ProgramData\tmp
2014-09-04 20:10 - 2014-09-04 20:07 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417
2014-09-03 21:48 - 2013-03-03 19:48 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-09-03 21:27 - 2014-09-03 21:27 - 00017309 _____ () C:\Users\Pippin\Desktop\Picknick.odt
2014-08-29 20:20 - 2013-10-23 22:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 23:00 - 2012-08-03 01:02 - 00760560 _____ () C:\Windows\system32\perfh007.dat
2014-08-27 23:00 - 2012-08-03 01:02 - 00158770 _____ () C:\Windows\system32\perfc007.dat
2014-08-27 23:00 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 22:52 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 22:51 - 2014-08-20 22:22 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 22:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-27 22:49 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-27 22:21 - 2013-07-10 21:54 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-08-27 22:14 - 2013-02-21 23:27 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Skype
2014-08-23 08:47 - 2014-08-27 22:46 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-14 20:25 - 2013-09-15 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 20:22 - 2013-02-23 17:19 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 22:31 - 2013-09-02 19:47 - 00000984 _____ () C:\Users\Pippin\Desktop\Dropbox.lnk
2014-08-12 22:31 - 2013-09-02 19:44 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-12 22:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-11 20:41 - 2014-08-11 20:41 - 00143468 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf~
2014-08-10 21:15 - 2014-08-10 21:15 - 00002616 _____ () C:\Windows\PFRO.log
2014-08-10 21:15 - 2013-02-21 06:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-10 21:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-10 21:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-10 21:12 - 2012-07-26 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-09 21:36 - 2014-08-09 21:36 - 00001865 _____ () C:\Users\Pippin\Downloads\URLLink(22).acsm
2014-08-09 21:36 - 2014-01-13 22:54 - 00000000 ____D () C:\Users\Pippin\Documents\My Digital Editions
2014-08-09 21:35 - 2014-08-09 21:35 - 00001797 _____ () C:\Users\Pippin\Downloads\URLLink(21).acsm
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
Some content of TEMP:
====================
C:\Users\Pippin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhkey.dll
C:\Users\Pippin\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-27 22:22
==================== End Of Log ============================
--- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Pippin at 2014-09-07 19:25:59
Running from C:\Users\Pippin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
calibre (HKLM-x32\...\{3091A8EB-386B-46D7-8E19-4139424261DD}) (Version: 1.24.0 - Kovid Goyal)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
D-Fend Reloaded 1.3.3 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.3 - Alexander Herzog)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.0.12 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.7.4.317 - Sophos Limited)
Spellforce 2 Gold (HKLM-x32\...\{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}) (Version: 1.00.0000 - JoWooD Productions Software AG)
SpellForce 2 Patch (x32 Version: 1.0.0 - JoWood) Hidden
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6030.1 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-242285392-2585440693-653752246-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
15-06-2014 17:55:50 Geplanter Prüfpunkt
06-07-2014 18:19:04 Windows Update
17-07-2014 18:16:12 Geplanter Prüfpunkt
30-07-2014 20:08:01 Windows Update
13-08-2014 07:33:59 Windows Update
27-08-2014 20:46:14 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {157FE703-085E-42B4-8226-FA60C8803A12} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C90A4CE-7715-40BF-AD27-57F85AD216EB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {38FD6AC5-0A95-4B51-9B6D-A81689FB8135} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {4B4C7FC8-5693-4386-8779-AFBCACA13E74} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {8EBD91EF-B474-4FA7-9594-CDFEB186531C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-14] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B36BC086-5809-4F2D-9D71-F02DE2CAC57D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {B8512B0D-B80B-4958-AEB1-1DBDE3804D92} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D5327D3B-00E9-48D8-8987-C7E61DBF7AA8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F179B12B-EA30-43EB-9CF8-A460B65185BB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {FEFF0835-7777-4C44-8F95-2A90E87027B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-29] (Microsoft Corporation)
==================== Loaded Modules (whitelisted) =============
2011-04-14 03:41 - 2011-04-14 03:41 - 00034304 _____ () C:\Windows\System32\ssb3ml6.dll
2011-04-14 03:40 - 2011-04-14 03:40 - 00968192 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssb3mdu.dll
2012-09-07 06:41 - 2012-07-30 13:26 - 00029056 _____ () C:\Windows\system32\DptfParticipantProcessorService.exe
2012-09-07 06:41 - 2012-07-30 13:27 - 00030592 _____ () C:\Windows\system32\DptfPolicyConfigTDPService.exe
2014-03-19 22:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-09-07 06:39 - 2012-08-15 19:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-11-02 13:31 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-24 19:17 - 2012-08-24 19:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-09-07 19:10 - 2014-09-07 19:10 - 00043008 _____ () c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhkey.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-31 20:30 - 2014-07-31 20:31 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:48862C37
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: TuneUp.Defrag => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UxTuneUp => 2
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/07/2014 07:20:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/04/2014 08:08:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/03/2014 08:40:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/01/2014 09:42:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
System errors:
=============
Error: (08/09/2014 10:00:08 PM) (Source: DCOM) (EventID: 10010) (User: Pip)
Description: {46986115-84D6-459C-8F95-52DD653E532E}
Error: (08/09/2014 03:58:32 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053defragsvcNicht verfügbar{D20A3293-3341-4AE8-9AAF-8E397CB63C34}
Error: (08/09/2014 03:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Laufwerke optimieren" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/09/2014 03:58:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Laufwerke optimieren erreicht.
Error: (08/09/2014 03:16:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (08/02/2014 07:13:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (08/02/2014 07:13:34 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (08/02/2014 07:13:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (08/02/2014 07:12:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (08/02/2014 07:12:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Microsoft Office Sessions:
=========================
Error: (09/07/2014 07:20:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/07/2014 07:10:20 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/04/2014 08:08:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/04/2014 07:58:48 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/03/2014 08:40:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.
Error: (09/03/2014 08:30:40 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]
Error: (09/01/2014 09:42:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 44%
Total physical RAM: 3981.52 MB
Available physical RAM: 2196.08 MB
Total Pagefile: 4685.52 MB
Available Pagefile: 2858.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:112.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:236.99 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-07 19:42:52
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000041 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: jyff14mu.exe; Driver: C:\Users\Pippin\AppData\Local\Temp\fxloapow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[4888] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[4888] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe234f1782 4 bytes [4F, 23, FE, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[4536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text C:\Windows\system32\wbem\WmiApSrv.exe[4536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe234f1782 4 bytes [4F, 23, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe1f121532 4 bytes [12, 1F, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe1f12153a 4 bytes [12, 1F, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4388] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe1f12165a 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fe1f121532 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fe1f12153a 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fe1f12165a 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text C:\Windows\system32\nvvsvc.exe[328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe234f1782 4 bytes [4F, 23, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe1f121532 4 bytes [12, 1F, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe1f12153a 4 bytes [12, 1F, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe1f12165a 4 bytes [12, 1F, FE, 07]
.text C:\Windows\system32\igfxpers.exe[4632] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe234f177a 4 bytes [4F, 23, FE, 07]
.text C:\Windows\system32\igfxpers.exe[4632] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe234f1782 4 bytes [4F, 23, FE, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [3748:4668] fffff9600063a5e8
---- Processes - GMER 2.1 ----
Process C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828] (FILE NOT FOUND) 0000000000400000
Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828](2014-07-30 00:20:20) 0000000003bc0000
Library c:\users\pippin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpezhkey.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828](2014-09-07 17:10:42) 0000000004790000
Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828](2013-08-23 19:01:44) 0000000068fa0000
Library C:\Users\Pippin\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2828] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000006d2f0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Da das (zum Glück) mein erster Post hier ist, bin ich mir nicht ganz sicher, wie viel Informationen benötigt werden. Falls ich das falsch mache, dann entschuldigt das bitte. Vielen Dank schon einmal für die Hilfe. Geändert von Pip2 (07.09.2014 um 19:09 Uhr) |
|
07.09.2014, 20:39
| #2 |
| /// the machine /// TB-Ausbilder    | Finanzamt Trojaner rechtzeitig von Sophos geblockt? hi,
__________________Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
07.09.2014, 21:26
| #3 |
| | Finanzamt Trojaner rechtzeitig von Sophos geblockt? Hallo,
__________________vielen Dank für die schnelle Hilfe. Ich weiß nicht, ob das Zufall war, aber während des mbar-Scans hat auch mein Sophos ein Objekt in die Quarantäne geschoben. Kann sein, dass deswegen bei keinem der beiden ein Fund angezeigt wurde. Hier die Logs: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.09.07.07
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17054
Pippin :: PIP [administrator]
07.09.2014 21:49:39
mbar-log-2014-09-07 (21-49-39).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 340190
Time elapsed: 20 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 22:19:33.0704 0x0ef8 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
22:19:33.0704 0x0ef8 UEFI system
22:19:36.0267 0x0ef8 ============================================================
22:19:36.0267 0x0ef8 Current date / time: 2014/09/07 22:19:36.0267
22:19:36.0267 0x0ef8 SystemInfo:
22:19:36.0267 0x0ef8
22:19:36.0267 0x0ef8 OS Version: 6.2.9200 ServicePack: 0.0
22:19:36.0267 0x0ef8 Product type: Workstation
22:19:36.0267 0x0ef8 ComputerName: PIP
22:19:36.0267 0x0ef8 UserName: Pippin
22:19:36.0267 0x0ef8 Windows directory: C:\Windows
22:19:36.0267 0x0ef8 System windows directory: C:\Windows
22:19:36.0267 0x0ef8 Running under WOW64
22:19:36.0267 0x0ef8 Processor architecture: Intel x64
22:19:36.0267 0x0ef8 Number of processors: 4
22:19:36.0267 0x0ef8 Page size: 0x1000
22:19:36.0267 0x0ef8 Boot type: Normal boot
22:19:36.0267 0x0ef8 ============================================================
22:19:36.0517 0x0ef8 System UUID: {40495AC8-2A7D-4EC2-D1F1-10FD9DEDB8FF}
22:19:37.0564 0x0ef8 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:19:37.0579 0x0ef8 ============================================================
22:19:37.0579 0x0ef8 \Device\Harddisk0\DR0:
22:19:37.0579 0x0ef8 GPT partitions:
22:19:37.0579 0x0ef8 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {5A60FFF2-384A-4168-AD7B-7BA25C03C910}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
22:19:37.0579 0x0ef8 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5DA02B32-607A-4C63-88EF-00499BD6E05C}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x12C000
22:19:37.0579 0x0ef8 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {6C501A91-71A5-45D8-A9EE-2E2A1C427258}, Name: Microsoft reserved partition, StartLBA 0x1C2800, BlocksNum 0x40000
22:19:37.0579 0x0ef8 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6E182189-B0E3-479A-AC74-8E69452D7C66}, Name: Basic data partition, StartLBA 0x202800, BlocksNum 0x1749C000
22:19:37.0579 0x0ef8 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BE7E04AC-FB01-44FD-9571-E0B001652322}, Name: Basic data partition, StartLBA 0x1769E800, BlocksNum 0x204E2800
22:19:37.0579 0x0ef8 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4D42C26D-2C85-4EBF-88EC-7A83A4814A61}, Name: Basic data partition, StartLBA 0x37B81000, BlocksNum 0x2805000
22:19:37.0579 0x0ef8 MBR partitions:
22:19:37.0579 0x0ef8 ============================================================
22:19:37.0579 0x0ef8 C: <-> \Device\Harddisk0\DR0\Partition4
22:19:37.0611 0x0ef8 D: <-> \Device\Harddisk0\DR0\Partition5
22:19:37.0611 0x0ef8 ============================================================
22:19:37.0611 0x0ef8 Initialize success
22:19:37.0626 0x0ef8 ============================================================
22:19:44.0763 0x0480 ============================================================
22:19:44.0763 0x0480 Scan started
22:19:44.0763 0x0480 Mode: Manual; SigCheck; TDLFS;
22:19:44.0763 0x0480 ============================================================
22:19:44.0763 0x0480 KSN ping started
22:19:47.0122 0x0480 KSN ping finished: true
22:19:48.0076 0x0480 ================ Scan system memory ========================
22:19:48.0076 0x0480 System memory - ok
22:19:48.0076 0x0480 ================ Scan services =============================
22:19:48.0216 0x0480 [ E890C46E4754F0DF51BAFCC8D2E07498, E620D03030F3B65442E0A5CB8B59016A6E8DB3BCA52741977B8897B34438E902 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
22:19:48.0372 0x0480 1394ohci - ok
22:19:48.0404 0x0480 [ 4F18D4C7EA14F11A7211F60D553C03DB, 09AB6D2D8E9B7B6D6A97708551C0E4B34538947A15EA2A69C11764D7BC0BB7F6 ] 3ware C:\Windows\system32\drivers\3ware.sys
22:19:48.0451 0x0480 3ware - ok
22:19:48.0513 0x0480 [ 975AABEB243B800C23626D6B652C5A9C, FB02336F26AF10BA2A0D1B97C33CB1D78BB90CA51EF008A613A0274779798FAD ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:19:48.0576 0x0480 ACPI - ok
22:19:48.0607 0x0480 [ DC968C37822117E576B933F34A2D130C, 4C94E00ADC242296D7CBBFC7346D5F9AE5FE1B0C616ECA3BDE10A7B34FD2040B ] acpiex C:\Windows\system32\Drivers\acpiex.sys
22:19:48.0654 0x0480 acpiex - ok
22:19:48.0669 0x0480 [ 0CA9F7C3A78227C21A0A7854E245CFB2, D54147C9C1EE2F0098B863B0852E027DB89D6FA67F6B7FD54F609D9715A11442 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
22:19:48.0732 0x0480 acpipagr - ok
22:19:48.0747 0x0480 [ 8EB8DA03B142D3DD1EB9ED8107A76C43, 24B9B24F9A5BDF3AAD13C4EE0638497D9CA4A100096C6EAE403E0215EA89C439 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
22:19:48.0794 0x0480 AcpiPmi - ok
22:19:48.0826 0x0480 [ CBCE725C5D86ABA7D2604E22951AA9B8, DE0440F0E943F057EBCD01DB4B1E12DBC241FBF03C42021306D322AB88FF8F21 ] acpitime C:\Windows\System32\drivers\acpitime.sys
22:19:48.0904 0x0480 acpitime - ok
22:19:48.0966 0x0480 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:19:49.0060 0x0480 AdobeARMservice - ok
22:19:49.0107 0x0480 [ 93C6388592B99925C1D1576E465BC80F, 4C48BE5471DA4788357D71E90DFEA20FE320C7AAE1F4C55AFBE2E46FEA5CF8FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:19:49.0185 0x0480 adp94xx - ok
22:19:49.0232 0x0480 [ D27763E0247292654E7F7D16444C7C72, 0314C713D31E2B34F215B52F804F014D876E6ED92DC656CC3E27920CCD36CF0E ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:19:49.0294 0x0480 adpahci - ok
22:19:49.0310 0x0480 [ 67B90070FF48F794AF19F9FCF0080D75, 5D0D352606D58D2CA0814F38EF7B1774C030BE44353DF5910CBFAAF4FDE64ED6 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:19:49.0357 0x0480 adpu320 - ok
22:19:49.0404 0x0480 [ 974AE60BF5B90E31412D93596C968E5B, 092B59C2B67C4618E7B1800615D1DF7199482F60D0D27BD91763F7F8D7FC883F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:19:49.0482 0x0480 AeLookupSvc - ok
22:19:49.0551 0x0480 [ FE7FB9612D354EB41DF4F0FF5D6FB259, 98D5BD9C1300195C49CB0717A831A06D99F7AE631D5EA065E10BFE7C2FA57A18 ] AFD C:\Windows\system32\drivers\afd.sys
22:19:49.0644 0x0480 AFD - ok
22:19:49.0754 0x0480 [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
22:19:49.0863 0x0480 AgereSoftModem - ok
22:19:49.0894 0x0480 [ 01590377A5AB19E792528C628A2A68F9, F3A4B6CA4E8D4436E44E36D7F7EEF3DC861D1EE50D41F4273226C4ED95674B84 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:19:49.0941 0x0480 agp440 - ok
22:19:49.0973 0x0480 [ 16F6F6B7903B913AB41AB848C8BB5658, 7304257048CB42E5274B3F6400F4A053A38E3B70A157662FE9D2B7C5979DE851 ] AiCharger C:\Windows\system32\DRIVERS\AiCharger.sys
22:19:50.0019 0x0480 AiCharger - ok
22:19:50.0051 0x0480 [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG C:\Windows\System32\alg.exe
22:19:50.0129 0x0480 ALG - ok
22:19:50.0160 0x0480 [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
22:19:50.0207 0x0480 AllUserInstallAgent - ok
22:19:50.0238 0x0480 [ 5A81054B824004B1ECC04F0034A1CDF9, 73A1986A4B346C425157216EBF16CC90EFFC642EDF6109E6364CF0552E3388FD ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
22:19:50.0301 0x0480 AmdK8 - ok
22:19:50.0332 0x0480 [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
22:19:50.0410 0x0480 AmdPPM - ok
22:19:50.0441 0x0480 [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:19:50.0473 0x0480 amdsata - ok
22:19:50.0519 0x0480 [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:19:50.0566 0x0480 amdsbs - ok
22:19:50.0598 0x0480 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:19:50.0629 0x0480 amdxata - ok
22:19:50.0644 0x0480 [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID C:\Windows\system32\drivers\appid.sys
22:19:50.0738 0x0480 AppID - ok
22:19:50.0769 0x0480 [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:19:50.0832 0x0480 AppIDSvc - ok
22:19:50.0879 0x0480 [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo C:\Windows\System32\appinfo.dll
22:19:50.0926 0x0480 Appinfo - ok
22:19:50.0957 0x0480 [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc C:\Windows\system32\drivers\arc.sys
22:19:51.0004 0x0480 arc - ok
22:19:51.0035 0x0480 [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:19:51.0066 0x0480 arcsas - ok
22:19:51.0129 0x0480 [ FA713019412C061385F09BD373BF747A, 83ED108FEE95BA7CBE87C845154F97FCB4597F9D9BEC1F802B92D8994BD5931D ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
22:19:51.0316 0x0480 ASLDRService - ok
22:19:51.0332 0x0480 [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
22:19:51.0363 0x0480 ASMMAP64 - ok
22:19:51.0410 0x0480 [ 6A122B4F0E5293CACFA8A5F2CBA9B356, 9D69076B697BEE8742E32EBEF1802D829DEA6B1D93AF485D11CC89A08CA4D809 ] ASUS InstantOn C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
22:19:51.0488 0x0480 ASUS InstantOn - ok
22:19:51.0504 0x0480 [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:19:51.0566 0x0480 AsyncMac - ok
22:19:51.0598 0x0480 [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi C:\Windows\system32\drivers\atapi.sys
22:19:51.0629 0x0480 atapi - ok
22:19:51.0863 0x0480 [ D55EBCD80CA519020338F75E420FDF3F, C78AEA2C30177121C61231D33512287767E899DB8B75B6A889D14A703485D5E4 ] athr C:\Windows\system32\DRIVERS\athw8x.sys
22:19:52.0191 0x0480 athr - ok
22:19:52.0238 0x0480 [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
22:19:52.0363 0x0480 ATKGFNEXSrv - ok
22:19:52.0379 0x0480 [ 41CEAFFCF3550785E59E3EC9BEE8D97A, 89FE604088B65B82AA794E1DA8429033CD2F05FFB2D7EFAAC7B967C7A83D1B1E ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
22:19:52.0410 0x0480 ATKWMIACPIIO - ok
22:19:52.0426 0x0480 [ 437EB91CB20144375DDE145149778405, 5E76CDE2B3C852755F6E54AF774E9BECDF472103D83B815899333DE268536B98 ] ATP C:\Windows\System32\drivers\AsusTP.sys
22:19:52.0473 0x0480 ATP - ok
22:19:52.0520 0x0480 [ BCD7A47EF587DC00DD61D12D9C2D1E44, 95BC9AC8BA8A86DB5C7A6317002BD9872F193B401A0C58DF252DCF3D4A7541E2 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
22:19:52.0598 0x0480 AudioEndpointBuilder - ok
22:19:52.0676 0x0480 [ 599B3F685A263A114FFAF3BE29C49C75, 579E9561BA8537888E061E303F3F89E2E6F8B8DED74369C3767DB10B35CD45E8 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:19:52.0785 0x0480 Audiosrv - ok
22:19:52.0832 0x0480 [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:19:52.0879 0x0480 AxInstSV - ok
22:19:52.0957 0x0480 [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:19:53.0035 0x0480 b06bdrv - ok
22:19:53.0066 0x0480 [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
22:19:53.0129 0x0480 BasicDisplay - ok
22:19:53.0145 0x0480 [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
22:19:53.0191 0x0480 BasicRender - ok
22:19:53.0238 0x0480 [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC C:\Windows\System32\bdesvc.dll
22:19:53.0301 0x0480 BDESVC - ok
22:19:53.0332 0x0480 [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep C:\Windows\system32\drivers\Beep.sys
22:19:53.0395 0x0480 Beep - ok
22:19:53.0457 0x0480 [ 53AA55632B94622F2DC3695E86EF9363, 9B5BB8EDA48A37AE97BCD42D83B25A6D10AA6231EABE745DCCE6D60E19094A6F ] BFE C:\Windows\System32\bfe.dll
22:19:53.0566 0x0480 BFE - ok
22:19:53.0645 0x0480 [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS C:\Windows\System32\qmgr.dll
22:19:53.0770 0x0480 BITS - ok
22:19:53.0801 0x0480 [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:19:53.0863 0x0480 bowser - ok
22:19:53.0895 0x0480 [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
22:19:53.0957 0x0480 BrokerInfrastructure - ok
22:19:54.0004 0x0480 [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser C:\Windows\System32\browser.dll
22:19:54.0066 0x0480 Browser - ok
22:19:54.0098 0x0480 [ 6695200F455E251F0BCC9CE4D0978D59, 4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
22:19:54.0160 0x0480 BthAvrcpTg - ok
22:19:54.0192 0x0480 [ A8B20D852B07AE19A13B5D47EC4E4C3B, 86571C9E2BA15BB169CAB2D24C4D0598154C02FD173638CAFC685A7F6B09472D ] BthEnum C:\Windows\System32\drivers\BthEnum.sys
22:19:54.0254 0x0480 BthEnum - ok
22:19:54.0285 0x0480 [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
22:19:54.0363 0x0480 BthHFEnum - ok
22:19:54.0395 0x0480 [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
22:19:54.0442 0x0480 bthhfhid - ok
22:19:54.0473 0x0480 [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
22:19:54.0551 0x0480 BTHMODEM - ok
22:19:54.0567 0x0480 [ 091BB978E9504D0AD14586929431A957, ACED02B879026A228E35F40847C210BC30A5AFC948FFE922DB21663E4A8DFF1D ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:19:54.0629 0x0480 BthPan - ok
22:19:54.0723 0x0480 [ 13795CAA34239D97A7211E7F9D96E012, C4F3402B063A7CFCE386D1AE9255975A199164BA9E7DCDB6129725213A0642B1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:19:54.0832 0x0480 BTHPORT - ok
22:19:54.0879 0x0480 [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv C:\Windows\system32\bthserv.dll
22:19:54.0942 0x0480 bthserv - ok
22:19:54.0973 0x0480 [ 1F715957F5236D30B6020A19A4271F6A, C06B637C2C6919E2DE1055AE249AE3EAF7B4890799F22BF5757CC10CEF145043 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:19:55.0020 0x0480 BTHUSB - ok
22:19:55.0051 0x0480 [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:19:55.0113 0x0480 cdfs - ok
22:19:55.0145 0x0480 [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom C:\Windows\System32\drivers\cdrom.sys
22:19:55.0192 0x0480 cdrom - ok
22:19:55.0238 0x0480 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc C:\Windows\System32\certprop.dll
22:19:55.0317 0x0480 CertPropSvc - ok
22:19:55.0348 0x0480 [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass C:\Windows\System32\drivers\circlass.sys
22:19:55.0442 0x0480 circlass - ok
22:19:55.0488 0x0480 [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS C:\Windows\system32\drivers\CLFS.sys
22:19:55.0567 0x0480 CLFS - ok
22:19:55.0785 0x0480 [ FE0CFEDA0CFC71F1FF0F77E85CA1FE1F, D067024F9110CEEF573152275DAB100943B59A36E58B342B5CC764FC3C917834 ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
22:19:56.0035 0x0480 ClickToRunSvc - ok
22:19:56.0082 0x0480 [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
22:19:56.0129 0x0480 CmBatt - ok
22:19:56.0192 0x0480 [ DBF9E5346431557BF56F41E7F8EC0DC1, D5FA34C873DA9BE40301D53198355556506AB5145B78B14D0AA88570A0058589 ] CNG C:\Windows\system32\Drivers\cng.sys
22:19:56.0270 0x0480 CNG - ok
22:19:56.0317 0x0480 [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
22:19:56.0410 0x0480 CompositeBus - ok
22:19:56.0426 0x0480 COMSysApp - ok
22:19:56.0442 0x0480 [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv C:\Windows\system32\drivers\condrv.sys
22:19:56.0504 0x0480 condrv - ok
22:19:56.0598 0x0480 [ 9F5AFC3EE57412798B1A559B620386A0, DD50CDCEC64EB83B86FA3720919620233E2E963B4067234AF5DB5472F8B388BA ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:19:56.0707 0x0480 cphs - ok
22:19:56.0739 0x0480 [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:19:56.0801 0x0480 CryptSvc - ok
22:19:56.0832 0x0480 [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam C:\Windows\system32\drivers\dam.sys
22:19:56.0879 0x0480 dam - ok
22:19:56.0957 0x0480 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:19:57.0067 0x0480 DcomLaunch - ok
22:19:57.0114 0x0480 [ C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc C:\Windows\System32\defragsvc.dll
22:19:57.0207 0x0480 defragsvc - ok
22:19:57.0239 0x0480 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\Windows\system32\das.dll
22:19:57.0332 0x0480 DeviceAssociationService - ok
22:19:57.0364 0x0480 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
22:19:57.0426 0x0480 DeviceInstall - ok
22:19:57.0473 0x0480 [ 431141C6859990824D17F71C30A78728, 448B3DC20C8FDD5B66217E0E01DBCC4904F94BDA0826F109D139DDD2C2D7FBF2 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
22:19:57.0520 0x0480 Dfsc - ok
22:19:57.0567 0x0480 [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:19:57.0660 0x0480 Dhcp - ok
22:19:57.0692 0x0480 [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache C:\Windows\system32\drivers\discache.sys
22:19:57.0754 0x0480 discache - ok
22:19:57.0785 0x0480 [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk C:\Windows\system32\drivers\disk.sys
22:19:57.0832 0x0480 disk - ok
22:19:57.0848 0x0480 [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
22:19:57.0895 0x0480 dmvsc - ok
22:19:57.0926 0x0480 [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:19:58.0004 0x0480 Dnscache - ok
22:19:58.0035 0x0480 [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc C:\Windows\System32\dot3svc.dll
22:19:58.0098 0x0480 dot3svc - ok
22:19:58.0129 0x0480 [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS C:\Windows\system32\dps.dll
22:19:58.0207 0x0480 DPS - ok
22:19:58.0239 0x0480 [ 0EB108FDBF4662E2666DAEDF79BBFED9, AEE54F582CC1E2CF382F95FBF93FA7BF96640DD230310CE8827ED211B6F53E1D ] DptfDevDram C:\Windows\system32\DRIVERS\DptfDevDram.sys
22:19:58.0270 0x0480 DptfDevDram - ok
22:19:58.0285 0x0480 [ 02262B2DD70E27D7C9F05D7F44135D28, F055261722729C6854193EC4EC887C39B69435AF42197005F8D060665EBFCAAD ] DptfDevFan C:\Windows\system32\DRIVERS\DptfDevFan.sys
22:19:58.0317 0x0480 DptfDevFan - ok
22:19:58.0332 0x0480 [ 1A251FC32063972B4EEDEC43637061ED, 1D5C62FF2BF9B811586C648AD5615FD09EAAAB0D1346493B2BBA0A904B7F7AEC ] DptfDevGen C:\Windows\system32\DRIVERS\DptfDevGen.sys
22:19:58.0364 0x0480 DptfDevGen - ok
22:19:58.0379 0x0480 [ 2986DF25D67710EB415BFDEB5EBDD486, 4378C70610B41F95714FAB9581C5AB840704FC0A6268E9394FA1B624CF108F1A ] DptfDevPch C:\Windows\system32\DRIVERS\DptfDevPch.sys
22:19:58.0426 0x0480 DptfDevPch - ok
22:19:58.0442 0x0480 [ 6C3A9CF2037ADDFDC3AB96B04797AE12, B339F0019B690F66C76D34AE1ECD8CA315C8BB820452B3A5824829C9379CF313 ] DptfDevProc C:\Windows\system32\DRIVERS\DptfDevProc.sys
22:19:58.0489 0x0480 DptfDevProc - ok
22:19:58.0535 0x0480 [ 593BFE1580F26864AFA2B3CDF3EEF71F, 71052F4DCCC5E1A78176599AB0A330FD3D0038C2C59DC0CC635DCF4FB3FB3630 ] DptfManager C:\Windows\system32\DRIVERS\DptfManager.sys
22:19:58.0598 0x0480 DptfManager - ok
22:19:58.0614 0x0480 [ 3EBB900BA3BC774CABEBE2BED3200B8C, FC8D5BEA88909F7932C3F55EEF1EB95F0BCC7FFCCA820A20BAC46B894FA26264 ] DptfParticipantProcessorService C:\Windows\system32\DptfParticipantProcessorService.exe
22:19:58.0645 0x0480 DptfParticipantProcessorService - ok
22:19:58.0660 0x0480 [ 15FB795C1683ACC47989875E0CC5ED0B, 6F5D36547F87FB7D593477A01EA82B8A4069CBDF61095643A627943F558288A3 ] DptfPolicyConfigTDPService C:\Windows\system32\DptfPolicyConfigTDPService.exe
22:19:58.0692 0x0480 DptfPolicyConfigTDPService - ok
22:19:58.0723 0x0480 [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:19:58.0785 0x0480 drmkaud - ok
22:19:58.0817 0x0480 [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
22:19:58.0879 0x0480 DsmSvc - ok
22:19:59.0004 0x0480 [ 2BB5627EB587FA995086C3D8C21B6D3F, 871E35BBE66180781324D38823B74263B660CF9254EE348A15421FAC5667F294 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:19:59.0145 0x0480 DXGKrnl - ok
22:19:59.0192 0x0480 [ 651FBD69A9713D623D456A240F96179C, 22A1F306B454EF9C84D25EF266F3ED0E1D896B1F5BE60170E79F37F2DBCA59F4 ] e1iexpress C:\Windows\system32\DRIVERS\e1i63x64.sys
22:19:59.0301 0x0480 e1iexpress - ok
22:19:59.0332 0x0480 [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost C:\Windows\System32\eapsvc.dll
22:19:59.0395 0x0480 Eaphost - ok
22:19:59.0661 0x0480 [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:19:59.0942 0x0480 ebdrv - ok
22:19:59.0973 0x0480 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] EFS C:\Windows\System32\lsass.exe
22:20:00.0036 0x0480 EFS - ok
22:20:00.0067 0x0480 [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
22:20:00.0114 0x0480 EhStorClass - ok
22:20:00.0145 0x0480 [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
22:20:00.0192 0x0480 EhStorTcgDrv - ok
22:20:00.0207 0x0480 [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev C:\Windows\System32\drivers\errdev.sys
22:20:00.0254 0x0480 ErrDev - ok
22:20:00.0332 0x0480 [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem C:\Windows\system32\es.dll
22:20:00.0426 0x0480 EventSystem - ok
22:20:00.0457 0x0480 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat C:\Windows\system32\drivers\exfat.sys
22:20:00.0536 0x0480 exfat - ok
22:20:00.0567 0x0480 [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:20:00.0614 0x0480 fastfat - ok
22:20:00.0692 0x0480 [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax C:\Windows\system32\fxssvc.exe
22:20:00.0786 0x0480 Fax - ok
22:20:00.0801 0x0480 [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc C:\Windows\System32\drivers\fdc.sys
22:20:00.0848 0x0480 fdc - ok
22:20:00.0864 0x0480 [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost C:\Windows\system32\fdPHost.dll
22:20:00.0926 0x0480 fdPHost - ok
22:20:00.0942 0x0480 [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub C:\Windows\system32\fdrespub.dll
22:20:01.0020 0x0480 FDResPub - ok
22:20:01.0051 0x0480 [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc C:\Windows\system32\fhsvc.dll
22:20:01.0114 0x0480 fhsvc - ok
22:20:01.0145 0x0480 [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:20:01.0192 0x0480 FileInfo - ok
22:20:01.0207 0x0480 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:20:01.0270 0x0480 Filetrace - ok
22:20:01.0301 0x0480 [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
22:20:01.0348 0x0480 flpydisk - ok
22:20:01.0395 0x0480 [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:20:01.0457 0x0480 FltMgr - ok
22:20:01.0567 0x0480 [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache C:\Windows\system32\FntCache.dll
22:20:01.0739 0x0480 FontCache - ok
22:20:01.0817 0x0480 [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:20:01.0911 0x0480 FontCache3.0.0.0 - ok
22:20:01.0942 0x0480 [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:20:01.0973 0x0480 FsDepends - ok
22:20:01.0989 0x0480 [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:20:02.0036 0x0480 Fs_Rec - ok
22:20:02.0098 0x0480 [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:20:02.0161 0x0480 fvevol - ok
22:20:02.0192 0x0480 [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
22:20:02.0254 0x0480 FxPPM - ok
22:20:02.0286 0x0480 [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:20:02.0317 0x0480 gagp30kx - ok
22:20:02.0348 0x0480 [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
22:20:02.0395 0x0480 gencounter - ok
22:20:02.0426 0x0480 [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
22:20:02.0473 0x0480 GPIOClx0101 - ok
22:20:02.0583 0x0480 [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc C:\Windows\System32\gpsvc.dll
22:20:02.0739 0x0480 gpsvc - ok
22:20:02.0801 0x0480 [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:20:02.0879 0x0480 HdAudAddService - ok
22:20:02.0911 0x0480 [ 58CC013EFA9893057160EDA018D8ADCE, BE8AA220CFBD90202C1B130DF349C3198E3447F3C2DC7BC5FC8816F57F78BA00 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
22:20:02.0973 0x0480 HDAudBus - ok
22:20:03.0004 0x0480 [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
22:20:03.0051 0x0480 HidBatt - ok
22:20:03.0083 0x0480 [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth C:\Windows\System32\drivers\hidbth.sys
22:20:03.0145 0x0480 HidBth - ok
22:20:03.0161 0x0480 [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
22:20:03.0223 0x0480 hidi2c - ok
22:20:03.0270 0x0480 [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr C:\Windows\System32\drivers\hidir.sys
22:20:03.0348 0x0480 HidIr - ok
22:20:03.0364 0x0480 [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv C:\Windows\system32\hidserv.dll
22:20:03.0426 0x0480 hidserv - ok
22:20:03.0442 0x0480 [ A9F2301B8D28BB4D887F5AEBB55ACB3A, 886B04224CA0A90B4FD0B9F8D243EED4FBA367D078FB1CAF99EE671FE1FCEC27 ] HIDSwitch C:\Windows\System32\drivers\AsHIDSwitch64.sys
22:20:03.0473 0x0480 HIDSwitch - ok
22:20:03.0504 0x0480 [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb C:\Windows\System32\drivers\hidusb.sys
22:20:03.0551 0x0480 HidUsb - ok
22:20:03.0598 0x0480 [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:20:03.0661 0x0480 hkmsvc - ok
22:20:03.0692 0x0480 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:20:03.0770 0x0480 HomeGroupListener - ok
22:20:03.0817 0x0480 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:20:03.0895 0x0480 HomeGroupProvider - ok
22:20:03.0926 0x0480 [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:20:03.0973 0x0480 HpSAMD - ok
22:20:04.0051 0x0480 [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:20:04.0145 0x0480 HTTP - ok
22:20:04.0176 0x0480 [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:20:04.0223 0x0480 hwpolicy - ok
22:20:04.0239 0x0480 [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
22:20:04.0301 0x0480 hyperkbd - ok
22:20:04.0333 0x0480 [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
22:20:04.0380 0x0480 HyperVideo - ok
22:20:04.0411 0x0480 [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
22:20:04.0473 0x0480 i8042prt - ok
22:20:04.0551 0x0480 [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
22:20:04.0630 0x0480 iaStorA - ok
22:20:04.0692 0x0480 [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:20:04.0755 0x0480 iaStorV - ok
22:20:05.0364 0x0480 [ 11A31FC2481BFE69B0507ED8C80215F4, 8A1E90611F749E8F04B6D86E835E981CAC16D0841305CADB19E58682DA006698 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:20:05.0989 0x0480 igfx - ok
22:20:06.0051 0x0480 [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:20:06.0083 0x0480 iirsp - ok
22:20:06.0176 0x0480 [ E455C83E029121270BED73CDAC381F37, 433D525C19DBF26FAC28853C606C872D973104842B0EF1B2BF2EAC85457E2953 ] IKEEXT C:\Windows\System32\ikeext.dll
22:20:06.0286 0x0480 IKEEXT - ok
22:20:06.0567 0x0480 [ 8524178B895E4BC04776B319DA3A70EC, A635EADF6E8BD985B730F2737E8DA36AC71E8FEB759787ECB24D955176622AD2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:20:06.0911 0x0480 IntcAzAudAddService - ok
22:20:06.0973 0x0480 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
22:20:07.0036 0x0480 IntcDAud - ok
22:20:07.0130 0x0480 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:20:07.0208 0x0480 Intel(R) Capability Licensing Service Interface - ok
22:20:07.0302 0x0480 [ 9656F8E29F6C3161A3E99BCD3A472FF9, 30AD00B53CCB2E4121508729F3471D3C0568F1C32324C398382C97E8BC43ECF0 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
22:20:07.0395 0x0480 Intel(R) ME Service - ok
22:20:07.0411 0x0480 [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide C:\Windows\system32\drivers\intelide.sys
22:20:07.0458 0x0480 intelide - ok
22:20:07.0489 0x0480 [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm C:\Windows\System32\drivers\intelppm.sys
22:20:07.0552 0x0480 intelppm - ok
22:20:07.0583 0x0480 [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:20:07.0645 0x0480 IpFilterDriver - ok
22:20:07.0755 0x0480 [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:20:07.0848 0x0480 iphlpsvc - ok
22:20:07.0895 0x0480 [ A4071DA3AE419F9694BFCB267C7DB8D7, 392DEE1DA51606C29418A98D2861F115E9F67C688B4281C53E87BA73A98809FB ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
22:20:07.0942 0x0480 IPMIDRV - ok
22:20:07.0989 0x0480 [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:20:08.0067 0x0480 IPNAT - ok
22:20:08.0083 0x0480 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:20:08.0130 0x0480 IRENUM - ok
22:20:08.0145 0x0480 [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:20:08.0177 0x0480 isapnp - ok
22:20:08.0255 0x0480 [ E6530FD4F61B40F338BF4355A21B9A09, FE9BF039B9901BEC260A69F7C49ACFA9881AD470DCCBA70C7EC36F518DA71702 ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
22:20:08.0317 0x0480 iScsiPrt - ok
22:20:08.0364 0x0480 [ 78ABBE558F57144047F10A0F50FE4B2F, 6BE608F7697D83FD6C7E6EA422AC5637933BDC96B1044C12DE9A419CE7D6F6CE ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:20:08.0473 0x0480 jhi_service - ok
22:20:08.0520 0x0480 [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
22:20:08.0552 0x0480 kbdclass - ok
22:20:08.0583 0x0480 [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
22:20:08.0630 0x0480 kbdhid - ok
22:20:08.0645 0x0480 [ A8080BEBCDB7A16495CE1205921DCAC5, D4B0EF97B75BF75934A0BEEE48CACD20E8F505600C3A07243DF7627680EE8552 ] kbfiltr C:\Windows\System32\drivers\kbfiltr.sys
22:20:08.0677 0x0480 kbfiltr - ok
22:20:08.0692 0x0480 [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
22:20:08.0739 0x0480 kdnic - ok
22:20:08.0755 0x0480 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] KeyIso C:\Windows\system32\lsass.exe
22:20:08.0802 0x0480 KeyIso - ok
22:20:08.0833 0x0480 [ 8B3EB6372436195B8EA8AE09A184BCE2, 9AFB7A9D6AEEBF5994C85B355155024768116E2D537C9FA169BC3F4594ECD35C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:20:08.0895 0x0480 KSecDD - ok
22:20:08.0911 0x0480 [ 3DD9C86EA88E8B5A51904AD87E1F2E78, F9EC9A571212117C01934CD29057EB1B3FA095F670294244AF7D9387D3F6E555 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:20:08.0958 0x0480 KSecPkg - ok
22:20:08.0989 0x0480 [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:20:09.0036 0x0480 ksthunk - ok
22:20:09.0099 0x0480 [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm C:\Windows\system32\msdtckrm.dll
22:20:09.0177 0x0480 KtmRm - ok
22:20:09.0224 0x0480 [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:20:09.0302 0x0480 LanmanServer - ok
22:20:09.0333 0x0480 [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:20:09.0411 0x0480 LanmanWorkstation - ok
22:20:09.0458 0x0480 [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:20:09.0505 0x0480 lltdio - ok
22:20:09.0552 0x0480 [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:20:09.0614 0x0480 lltdsvc - ok
22:20:09.0645 0x0480 [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:20:09.0692 0x0480 lmhosts - ok
22:20:09.0739 0x0480 [ 2C24DC448DBE8DB9BE1441B824C57E79, DA2257EEC964A47D03C2BB13317FD788E51D4685E2395B303ED7B2575FEF3B19 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:20:10.0349 0x0480 LMS - ok
22:20:10.0380 0x0480 [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:20:10.0442 0x0480 LSI_SAS - ok
22:20:10.0458 0x0480 [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:20:10.0505 0x0480 LSI_SAS2 - ok
22:20:10.0536 0x0480 [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:20:10.0583 0x0480 LSI_SCSI - ok
22:20:10.0599 0x0480 [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
22:20:10.0661 0x0480 LSI_SSS - ok
22:20:10.0724 0x0480 [ 1DC9B701F8EB7D67774035AC9C3104F6, 77371267CDA605F78674BF8FA14B134B22299CD96EADA60A68762207595F0B46 ] LSM C:\Windows\System32\lsm.dll
22:20:10.0802 0x0480 LSM - ok
22:20:10.0833 0x0480 [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv C:\Windows\system32\drivers\luafv.sys
22:20:10.0911 0x0480 luafv - ok
22:20:10.0942 0x0480 [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas C:\Windows\system32\drivers\megasas.sys
22:20:10.0974 0x0480 megasas - ok
22:20:11.0020 0x0480 [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:20:11.0083 0x0480 MegaSR - ok
22:20:11.0114 0x0480 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys
22:20:11.0145 0x0480 MEIx64 - ok
22:20:11.0177 0x0480 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS C:\Windows\system32\mmcss.dll
22:20:11.0239 0x0480 MMCSS - ok
22:20:11.0271 0x0480 [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem C:\Windows\system32\drivers\modem.sys
22:20:11.0333 0x0480 Modem - ok
22:20:11.0364 0x0480 [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor C:\Windows\System32\drivers\monitor.sys
22:20:11.0411 0x0480 monitor - ok
22:20:11.0427 0x0480 [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass C:\Windows\System32\drivers\mouclass.sys
22:20:11.0474 0x0480 mouclass - ok
22:20:11.0505 0x0480 [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid C:\Windows\System32\drivers\mouhid.sys
22:20:11.0552 0x0480 mouhid - ok
22:20:11.0583 0x0480 [ E7E9DBFDD3F25ED0C05B99AE9FA18BDE, 6D0204BA271FD3262DAE6E6BF9C12C0D49E3C9AF40EB1E072BD5CA5E2B8598D5 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:20:11.0630 0x0480 mountmgr - ok
22:20:11.0677 0x0480 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:20:11.0755 0x0480 MozillaMaintenance - ok
22:20:11.0771 0x0480 [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:20:11.0833 0x0480 mpsdrv - ok
22:20:11.0911 0x0480 [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:20:12.0021 0x0480 MpsSvc - ok
22:20:12.0067 0x0480 [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:20:12.0130 0x0480 MRxDAV - ok
22:20:12.0177 0x0480 [ 7A761AEE58658378BBA45D360F874CB0, 31972E63D93E07D92EF69571B7ED1E69B1358DCA5BEED62A9372F6411B4DFDB3 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:20:12.0255 0x0480 mrxsmb - ok
22:20:12.0286 0x0480 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:20:12.0349 0x0480 mrxsmb10 - ok
22:20:12.0380 0x0480 [ 697B78CE3925E4FBFC544232A5E9E2EB, 2D03425513572F6098BAAF82C0EDB49EBAB88438971D349CA1917DA0BDB76334 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:20:12.0442 0x0480 mrxsmb20 - ok
22:20:12.0489 0x0480 [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
22:20:12.0552 0x0480 MsBridge - ok
22:20:12.0567 0x0480 [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC C:\Windows\System32\msdtc.exe
22:20:12.0646 0x0480 MSDTC - ok
22:20:12.0661 0x0480 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:20:12.0724 0x0480 Msfs - ok
22:20:12.0755 0x0480 [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
22:20:12.0802 0x0480 msgpiowin32 - ok
22:20:12.0833 0x0480 [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:20:12.0864 0x0480 mshidkmdf - ok
22:20:12.0880 0x0480 [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
22:20:12.0927 0x0480 mshidumdf - ok
22:20:12.0942 0x0480 [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:20:12.0989 0x0480 msisadrv - ok
22:20:13.0036 0x0480 [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:20:13.0083 0x0480 MSiSCSI - ok
22:20:13.0099 0x0480 msiserver - ok
22:20:13.0114 0x0480 [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:20:13.0161 0x0480 MSKSSRV - ok
22:20:13.0192 0x0480 [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
22:20:13.0239 0x0480 MsLldp - ok
22:20:13.0255 0x0480 [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:20:13.0302 0x0480 MSPCLOCK - ok
22:20:13.0317 0x0480 [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:20:13.0364 0x0480 MSPQM - ok
22:20:13.0411 0x0480 [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:20:13.0474 0x0480 MsRPC - ok
22:20:13.0505 0x0480 [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
22:20:13.0536 0x0480 mssmbios - ok
22:20:13.0567 0x0480 [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:20:13.0599 0x0480 MSTEE - ok
22:20:13.0614 0x0480 [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
22:20:13.0677 0x0480 MTConfig - ok
22:20:13.0692 0x0480 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup C:\Windows\system32\Drivers\mup.sys
22:20:13.0755 0x0480 Mup - ok
22:20:13.0771 0x0480 [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis C:\Windows\system32\drivers\mvumis.sys
22:20:13.0818 0x0480 mvumis - ok
22:20:13.0864 0x0480 [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent C:\Windows\system32\qagentRT.dll
22:20:13.0943 0x0480 napagent - ok
22:20:13.0989 0x0480 [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:20:14.0083 0x0480 NativeWifiP - ok
22:20:14.0114 0x0480 [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc C:\Windows\System32\ncasvc.dll
22:20:14.0177 0x0480 NcaSvc - ok
22:20:14.0193 0x0480 [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
22:20:14.0255 0x0480 NcdAutoSetup - ok
22:20:14.0349 0x0480 [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS C:\Windows\system32\drivers\ndis.sys
22:20:14.0458 0x0480 NDIS - ok
22:20:14.0489 0x0480 [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:20:14.0568 0x0480 NdisCap - ok
22:20:14.0599 0x0480 [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
22:20:14.0677 0x0480 NdisImPlatform - ok
22:20:14.0708 0x0480 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:20:14.0771 0x0480 NdisTapi - ok
22:20:14.0802 0x0480 [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:20:14.0880 0x0480 Ndisuio - ok
22:20:14.0911 0x0480 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:20:15.0005 0x0480 NdisWan - ok
22:20:15.0021 0x0480 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
22:20:15.0068 0x0480 NDISWANLEGACY - ok
22:20:15.0114 0x0480 [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:20:15.0177 0x0480 NDProxy - ok
22:20:15.0208 0x0480 [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu C:\Windows\system32\drivers\Ndu.sys
22:20:15.0255 0x0480 Ndu - ok
22:20:15.0286 0x0480 [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:20:15.0349 0x0480 NetBIOS - ok
22:20:15.0380 0x0480 [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:20:15.0474 0x0480 NetBT - ok
22:20:15.0489 0x0480 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] Netlogon C:\Windows\system32\lsass.exe
22:20:15.0536 0x0480 Netlogon - ok
22:20:15.0568 0x0480 [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman C:\Windows\System32\netman.dll
22:20:15.0646 0x0480 Netman - ok
22:20:15.0693 0x0480 [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm C:\Windows\System32\netprofmsvc.dll
22:20:15.0786 0x0480 netprofm - ok
22:20:15.0849 0x0480 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:20:16.0068 0x0480 NetTcpPortSharing - ok
22:20:16.0599 0x0480 [ 57B9C04D673F236D41FAB03842C8640B, 898DCBBBF94875059CD328B0FC75BE36A4E3DD471C6E28BFAE064BCF84349518 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
22:20:17.0318 0x0480 NETwNs64 - ok
22:20:17.0365 0x0480 [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:20:17.0411 0x0480 nfrd960 - ok
22:20:17.0458 0x0480 [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:20:17.0521 0x0480 NlaSvc - ok
22:20:17.0536 0x0480 [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:20:17.0615 0x0480 Npfs - ok
22:20:17.0630 0x0480 [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
22:20:17.0724 0x0480 npsvctrig - ok
22:20:17.0740 0x0480 [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi C:\Windows\system32\nsisvc.dll
22:20:17.0802 0x0480 nsi - ok
22:20:17.0833 0x0480 [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:20:17.0880 0x0480 nsiproxy - ok
22:20:18.0021 0x0480 [ 7BE3EDFFA3216F989A6BDCB14795DD08, 19A2D0120C46CA9BCFBC16DC3E65687ACDDCBA33B79128188652BA2AFAA2EE2F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:20:18.0208 0x0480 Ntfs - ok
22:20:18.0255 0x0480 [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null C:\Windows\system32\drivers\Null.sys
22:20:18.0302 0x0480 Null - ok
22:20:19.0115 0x0480 [ 5104BAC2DA2A5BDD86AC6B0708B00F06, A02501514F8517CB5A6CFE4352A3D0F864153470015589428A6B14477E791514 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:20:20.0630 0x0480 nvlddmkm - ok
22:20:20.0693 0x0480 [ 918841B2454F4F2BD94479692079490B, 16667315DE4EB5543E176273362791B157223E775ED1CF285330CC8195E0F1BB ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
22:20:20.0724 0x0480 nvpciflt - ok
22:20:20.0771 0x0480 [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:20:20.0849 0x0480 nvraid - ok
22:20:20.0865 0x0480 [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:20:20.0927 0x0480 nvstor - ok
22:20:21.0021 0x0480 [ DDFAFCE89A5C93D04712B86F94E9FCBA, 377303D4CAC9E3AD5B58894CF7AECDA4FCD3D721568BE8BACC0A897A0956919A ] nvsvc C:\Windows\system32\nvvsvc.exe
22:20:21.0130 0x0480 nvsvc - ok
22:20:21.0240 0x0480 [ CBF57D045F325D790D061B97F69E75D6, 18E38A1941F9B7B0A897BBA2A01B4EE15159C08105B5319EDD5D49AF067086FF ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:20:22.0724 0x0480 nvUpdatusService - ok
22:20:22.0771 0x0480 [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:20:22.0834 0x0480 nv_agp - ok
22:20:22.0880 0x0480 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:20:23.0099 0x0480 ose - ok
22:20:23.0146 0x0480 [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:20:23.0255 0x0480 p2pimsvc - ok
22:20:23.0318 0x0480 [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc C:\Windows\system32\p2psvc.dll
22:20:23.0427 0x0480 p2psvc - ok
22:20:23.0474 0x0480 [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport C:\Windows\System32\drivers\parport.sys
22:20:23.0552 0x0480 Parport - ok
22:20:23.0584 0x0480 [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:20:23.0631 0x0480 partmgr - ok
22:20:23.0677 0x0480 [ 19E41F140A6ADBD38943710DA7FF0E38, AF9FDBEB0E519B7EA034C76077E514FE27138204E9874F4DDEA0B1CB26A45BA0 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:20:23.0771 0x0480 PcaSvc - ok
22:20:23.0818 0x0480 [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci C:\Windows\system32\drivers\pci.sys
22:20:23.0865 0x0480 pci - ok
22:20:23.0896 0x0480 [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide C:\Windows\system32\drivers\pciide.sys
22:20:23.0943 0x0480 pciide - ok
22:20:23.0974 0x0480 [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:20:24.0068 0x0480 pcmcia - ok
22:20:24.0084 0x0480 [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw C:\Windows\system32\drivers\pcw.sys
22:20:24.0131 0x0480 pcw - ok
22:20:24.0162 0x0480 [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc C:\Windows\system32\drivers\pdc.sys
22:20:24.0193 0x0480 pdc - ok
22:20:24.0271 0x0480 [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:20:24.0381 0x0480 PEAUTH - ok
22:20:24.0443 0x0480 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:20:24.0552 0x0480 PerfHost - ok
22:20:24.0693 0x0480 [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla C:\Windows\system32\pla.dll
22:20:24.0896 0x0480 pla - ok
22:20:24.0927 0x0480 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:20:24.0974 0x0480 PlugPlay - ok
22:20:25.0006 0x0480 [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:20:25.0068 0x0480 PNRPAutoReg - ok
22:20:25.0115 0x0480 [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:20:25.0177 0x0480 PNRPsvc - ok
22:20:25.0224 0x0480 [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:20:25.0334 0x0480 PolicyAgent - ok
22:20:25.0365 0x0480 [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power C:\Windows\system32\umpo.dll
22:20:25.0427 0x0480 Power - ok
22:20:25.0459 0x0480 [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:20:25.0521 0x0480 PptpMiniport - ok
22:20:25.0740 0x0480 [ C2D3B3D0060619D5E03E696BD56FF59F, 155954F16B6F9B51BA16F43F1AE6F977B1EC4DE77862C6F6C722293189BE0DD2 ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
22:20:26.0006 0x0480 PrintNotify - ok
22:20:26.0053 0x0480 [ DD979EB6A7212F60E4AFBE96EDC7AE6D, BC681D64C5B8F08FD4613D71111853FCD5B05E4BD127D2C6258BAED7627105BE ] Processor C:\Windows\System32\drivers\processr.sys
22:20:26.0146 0x0480 Processor - ok
22:20:26.0178 0x0480 [ 429E8502AD2227CF88F8840FC5BD590D, A186DA46C083580ACEDE9C7E3156865034302CD803140EEEC8E1DE16DA4BC99B ] ProfSvc C:\Windows\system32\profsvc.dll
22:20:26.0256 0x0480 ProfSvc - ok
22:20:26.0287 0x0480 [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:20:26.0381 0x0480 Psched - ok
22:20:26.0428 0x0480 [ 0AFBF333B6F87A2F598EAB379AF100B8, D11F3A4D7E4463B62E2DBDE5FC61425B1FDFB07DD1A19BC001D479CA1F554510 ] QWAVE C:\Windows\system32\qwave.dll
22:20:26.0521 0x0480 QWAVE - ok
22:20:26.0553 0x0480 [ 13D47BB0CCA2FC51BD15F8E85C6A078E, EA832A9511007C9E8599C3066E1FA66BE869E8A27886D9A9AC590BD4DFBD1A15 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:20:26.0615 0x0480 QWAVEdrv - ok
22:20:26.0646 0x0480 [ 873C60F8178100557740A832FCE10B5F, 400EF60CB2C98E2AFE122AF3D01CCE56A1548AF865345EE2194AB74DBCBF4C48 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:20:26.0709 0x0480 RasAcd - ok
22:20:26.0740 0x0480 [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:20:26.0803 0x0480 RasAgileVpn - ok
22:20:26.0849 0x0480 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto C:\Windows\System32\rasauto.dll
22:20:26.0943 0x0480 RasAuto - ok
22:20:26.0959 0x0480 [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:20:27.0037 0x0480 Rasl2tp - ok
22:20:27.0084 0x0480 [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan C:\Windows\System32\rasmans.dll
22:20:27.0178 0x0480 RasMan - ok
22:20:27.0209 0x0480 [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:20:27.0287 0x0480 RasPppoe - ok
22:20:27.0303 0x0480 [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:20:27.0381 0x0480 RasSstp - ok
22:20:27.0428 0x0480 [ CA03D642ACE58E1BA54E4B383F91CD69, 39BB942603801CF11FBEA28E24F8C8D1EF2AF615D1FABF951683A015D6A6EF37 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:20:27.0521 0x0480 rdbss - ok
22:20:27.0568 0x0480 [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
22:20:27.0631 0x0480 rdpbus - ok
22:20:27.0662 0x0480 [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:20:27.0740 0x0480 RDPDR - ok
22:20:27.0787 0x0480 [ 57F4787E4602A3FCA719C0A33137C6DA, D03AE59A184EB5D126F8EAB9D36EE406ABB8B9ED834F2D2496DDB1349FF56F89 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:20:27.0834 0x0480 RdpVideoMiniport - ok
22:20:27.0865 0x0480 [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:20:27.0943 0x0480 RDPWD - ok
22:20:27.0974 0x0480 [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:20:28.0037 0x0480 rdyboost - ok
22:20:28.0068 0x0480 [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:20:28.0162 0x0480 RemoteAccess - ok
22:20:28.0193 0x0480 [ E80DD61E52EDFFF9DA1ED7260A68855B, 97909F42AE35E28B8F98C01A1D8BAD80A949CDCA0C88FB4ACF0A655DC7C10E45 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:20:28.0303 0x0480 RemoteRegistry - ok
22:20:28.0350 0x0480 [ CCBFCABDFE2BC22F0645CEAADDB36004, 279EA9075079F91165027CEFD4FBC61A213CA602EE7DE106F7D2D243468706AA ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys
22:20:28.0412 0x0480 RFCOMM - ok
22:20:28.0443 0x0480 [ 73F2E030B5C24E4E41401B5F0D59E6FD, FAA8B5E3159684E0836900C6EAF63857B445F7F180169B56D5790F097EDAA38B ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:20:28.0537 0x0480 RpcEptMapper - ok
22:20:28.0568 0x0480 [ 10B21284B3D964AB3DC45490E57D422E, 12D5E3A7785F21C99C5EAD14A88EB7A86A058E26C091991339356D99D196CC13 ] RpcLocator C:\Windows\system32\locator.exe
22:20:28.0631 0x0480 RpcLocator - ok
22:20:28.0709 0x0480 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] RpcSs C:\Windows\system32\rpcss.dll
22:20:28.0803 0x0480 RpcSs - ok
22:20:28.0850 0x0480 [ 7B386B880EDAD12C5102B448E2A3127C, 9B7906AA6F043533B8665012445D63733C703DB77EAAEFB5985C32437A03D56F ] RSBASTOR C:\Windows\system32\DRIVERS\RtsBaStor.sys
22:20:28.0928 0x0480 RSBASTOR - ok
22:20:28.0959 0x0480 [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:20:29.0021 0x0480 rspndr - ok
22:20:29.0084 0x0480 [ 34DA0D14F5C3F1883A331AFB975AB434, BB5D580C1DCAE59CC1DB75C411A5A4DDF435931469E7EBFF5DFDADBFE07ADEBF ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
22:20:29.0209 0x0480 RTL8168 - ok
22:20:29.0240 0x0480 [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap C:\Windows\System32\drivers\vms3cap.sys
22:20:29.0287 0x0480 s3cap - ok
22:20:29.0318 0x0480 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] SamSs C:\Windows\system32\lsass.exe
22:20:29.0365 0x0480 SamSs - ok
22:20:29.0428 0x0480 [ 987704F962C0C4FD00A6A46492F5F26A, 9967F9A8776047EA8222A16291234AC3D8FC3D3EA2998BC1E2F7D2E8FCD104E8 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
22:20:29.0537 0x0480 SAVAdminService - ok
22:20:29.0553 0x0480 [ 2192AE4D310ADB821B38595150F5A384, 6302713E974BDEEECF047E7D7EF1B19F5D8937A728F6F19B14A77C025F42B43B ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys
22:20:29.0615 0x0480 SAVOnAccess - ok
22:20:29.0646 0x0480 [ 1B7CD145B1760EC6FA0D7F07FF44C612, CC62258627911EDFE9DA8611B59DB12EF5DB2B3CE38791CD81F8A8EAFE8F6A29 ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
22:20:29.0740 0x0480 SAVService - ok
22:20:29.0771 0x0480 [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:20:29.0850 0x0480 sbp2port - ok
22:20:29.0881 0x0480 [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:20:29.0975 0x0480 SCardSvr - ok
22:20:30.0006 0x0480 [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:20:30.0068 0x0480 scfilter - ok
22:20:30.0178 0x0480 [ ED40ED9A65F3E79A8C43DD50C5FDADBF, 2323BFAB1BC3D661A376650B7AC14C7780C92BA575DA048F3C7611CDB3F7F04A ] Schedule C:\Windows\system32\schedsvc.dll
22:20:30.0334 0x0480 Schedule - ok
22:20:30.0365 0x0480 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:20:30.0428 0x0480 SCPolicySvc - ok
22:20:30.0475 0x0480 [ F58B030A0664385C707B8C1C63682041, E46AADAA2CD687B9A4B564DC5B002493C8480542588E660BC3DF89EAF9DB0427 ] sdbus C:\Windows\System32\drivers\sdbus.sys
22:20:30.0537 0x0480 sdbus - ok
22:20:30.0584 0x0480 [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:20:30.0662 0x0480 SDRSVC - ok
22:20:30.0693 0x0480 [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor C:\Windows\System32\drivers\sdstor.sys
22:20:30.0740 0x0480 sdstor - ok
22:20:30.0772 0x0480 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:20:30.0850 0x0480 secdrv - ok
22:20:30.0881 0x0480 [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon C:\Windows\system32\seclogon.dll
22:20:30.0943 0x0480 seclogon - ok
22:20:30.0959 0x0480 [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS C:\Windows\System32\sens.dll
22:20:31.0022 0x0480 SENS - ok
22:20:31.0068 0x0480 [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:20:31.0147 0x0480 SensrSvc - ok
22:20:31.0162 0x0480 [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx C:\Windows\system32\drivers\SerCx.sys
22:20:31.0240 0x0480 SerCx - ok
22:20:31.0256 0x0480 [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum C:\Windows\System32\drivers\serenum.sys
22:20:31.0303 0x0480 Serenum - ok
22:20:31.0334 0x0480 [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial C:\Windows\System32\drivers\serial.sys
22:20:31.0397 0x0480 Serial - ok
22:20:31.0412 0x0480 [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse C:\Windows\System32\drivers\sermouse.sys
22:20:31.0475 0x0480 sermouse - ok
22:20:31.0522 0x0480 [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv C:\Windows\system32\sessenv.dll
22:20:31.0615 0x0480 SessionEnv - ok
22:20:31.0647 0x0480 [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
22:20:31.0709 0x0480 sfloppy - ok
22:20:31.0756 0x0480 [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:20:31.0865 0x0480 SharedAccess - ok
22:20:31.0928 0x0480 [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:20:32.0053 0x0480 ShellHWDetection - ok
22:20:32.0100 0x0480 [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:20:32.0147 0x0480 SiSRaid2 - ok
22:20:32.0178 0x0480 [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:20:32.0225 0x0480 SiSRaid4 - ok
22:20:32.0272 0x0480 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:20:33.0475 0x0480 SkypeUpdate - ok
22:20:33.0553 0x0480 [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:20:33.0615 0x0480 SNMPTRAP - ok
22:20:33.0662 0x0480 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2, F9321B8EE9564E2D7E48EE77DB4122EEC2C7B1B2277CB0AA01258CDEED348199 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
22:20:33.0756 0x0480 Sophos AutoUpdate Service - ok
22:20:33.0803 0x0480 [ 69FBE35A8165ADBC313AA7F64B868CA1, 33C1EDACC7D804091ADD1BFF3FE916DF065A1BF038F344EF2A11FE01DE749510 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
22:20:33.0850 0x0480 SophosBootDriver - ok
22:20:33.0912 0x0480 [ 9110193D93960E38B8692E4519C75D72, 789381B4CCC056EE431E78E2339AC9802264A1CE4B378DDA9769649664C9A7A0 ] spaceport C:\Windows\system32\drivers\spaceport.sys
22:20:33.0990 0x0480 spaceport - ok
22:20:34.0022 0x0480 [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
22:20:34.0069 0x0480 SpbCx - ok
22:20:34.0131 0x0480 [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler C:\Windows\System32\spoolsv.exe
22:20:34.0240 0x0480 Spooler - ok
22:20:34.0569 0x0480 [ 061A977C920FBE4BF71FF47C966DDDCA, 746516396B72E4ADB05D978C819CD45FE44EE194756F6DA50121D755439CA590 ] sppsvc C:\Windows\system32\sppsvc.exe
22:20:35.0037 0x0480 sppsvc - ok
22:20:35.0115 0x0480 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv C:\Windows\system32\DRIVERS\srv.sys
22:20:35.0209 0x0480 srv - ok
22:20:35.0272 0x0480 [ 8504ADDE9C146C6295B16D13A0007560, 715E3752AE4A276FA8DAFA3B52B699C45D97E747CB25FE4AE307241D206319B7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:20:35.0397 0x0480 srv2 - ok
22:20:35.0444 0x0480 [ BB0F9E19C5CE4DC765B263E2A5561DE1, F7DBC96E049625E4312D8F588FCF2B4AC6318C04D04758982FE9B51DABEC2DAE ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:20:35.0522 0x0480 srvnet - ok
22:20:35.0569 0x0480 [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:20:35.0647 0x0480 SSDPSRV - ok
22:20:35.0678 0x0480 [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
22:20:35.0725 0x0480 SSPORT - ok
22:20:35.0756 0x0480 [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:20:35.0834 0x0480 SstpSvc - ok
22:20:35.0866 0x0480 [ 4E85355B94CFCB67C135F6521A4895A7, AC4FC65C1E62A54B3834E7FE0A2B1ECC48A2AA563AE5BD508326EE68FFFBBEEE ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:20:35.0912 0x0480 stexstor - ok
22:20:35.0979 0x0480 [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] stisvc C:\Windows\System32\wiaservc.dll
22:20:36.0057 0x0480 stisvc - ok
22:20:36.0104 0x0480 [ B240874B2CA0CD02E8CD11E140B14C57, 0FDBEE3DB644175A30065CAF020F375703ADC45A33221788C010F3111707FC25 ] storahci C:\Windows\system32\drivers\storahci.sys
22:20:36.0167 0x0480 storahci - ok
22:20:36.0182 0x0480 [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:20:36.0245 0x0480 storflt - ok
22:20:36.0260 0x0480 [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc C:\Windows\system32\storsvc.dll
22:20:36.0323 0x0480 StorSvc - ok
22:20:36.0354 0x0480 [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:20:36.0417 0x0480 storvsc - ok
22:20:36.0432 0x0480 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc C:\Windows\system32\svsvc.dll
22:20:36.0528 0x0480 svsvc - ok
22:20:36.0544 0x0480 [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum C:\Windows\System32\drivers\swenum.sys
22:20:36.0606 0x0480 swenum - ok
22:20:36.0809 0x0480 [ B3379659D773BFDD3B631F5FEE2FF2B3, AA53EE515BE2821CC30B35BFC18283627E7B8CEE4CDB2C33209B06AA75DA74A6 ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
22:20:37.0762 0x0480 swi_service - ok
22:20:37.0997 0x0480 [ F6A5E474ED27BA7938A1D0CA19F7008B, ED82F6F67BAF823B979F078035981BBC4A44E81565284C52FCED2CFC3D94D358 ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
22:20:38.0263 0x0480 swi_update_64 - ok
22:20:38.0309 0x0480 [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv C:\Windows\System32\swprv.dll
22:20:38.0434 0x0480 swprv - ok
22:20:38.0528 0x0480 [ A06CB9269D29EE3D0F3F5630ABB660B8, 519A01FC7D9414B26CCBC23E7FB1CEAF1C91CD173B4F4A4025F8316B7460C584 ] SysMain C:\Windows\system32\sysmain.dll
22:20:38.0669 0x0480 SysMain - ok
22:20:38.0716 0x0480 [ 6FB88606C4A71E1BFAF97D63A676C673, D72F93A482E989ACA50F9647B7AD699A4656AEAACF377BB2B8CEBB094B748852 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
22:20:38.0778 0x0480 SystemEventsBroker - ok
22:20:38.0809 0x0480 [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\Windows\System32\TabSvc.dll
22:20:38.0888 0x0480 TabletInputService - ok
22:20:38.0934 0x0480 [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:20:39.0028 0x0480 TapiSrv - ok
22:20:39.0185 0x0480 [ 0E0C16EE82E2F4EBC2FBCA24C8F00D9E, F8B2A0257442E00C5D7C5A15BBD84194D0F0C071424656CA4B8EC850B6898D10 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:20:39.0404 0x0480 Tcpip - ok
22:20:39.0529 0x0480 [ 0E0C16EE82E2F4EBC2FBCA24C8F00D9E, F8B2A0257442E00C5D7C5A15BBD84194D0F0C071424656CA4B8EC850B6898D10 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:20:39.0748 0x0480 TCPIP6 - ok
22:20:39.0794 0x0480 [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:20:39.0857 0x0480 tcpipreg - ok
22:20:39.0904 0x0480 [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:20:39.0982 0x0480 tdx - ok
22:20:40.0013 0x0480 [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt C:\Windows\System32\drivers\terminpt.sys
22:20:40.0076 0x0480 terminpt - ok
22:20:40.0138 0x0480 [ 541EE228D0DEF392F7B2DFD885DD021B, 594D6538FA4DB5EF4D130007D7C29051EC2EDCA39EBB119695B58E9CBB0EB728 ] TermService C:\Windows\System32\termsrv.dll
22:20:40.0294 0x0480 TermService - ok
22:20:40.0326 0x0480 [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes C:\Windows\system32\themeservice.dll
22:20:40.0404 0x0480 Themes - ok
22:20:40.0435 0x0480 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER C:\Windows\system32\mmcss.dll
22:20:40.0482 0x0480 THREADORDER - ok
22:20:40.0513 0x0480 [ 4515B9E4140F04FB3907692DF89FCA87, F68EC56524BDA877646E987BE7414C1D622BD9FF05A5AEADCA39030FDC2B0115 ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
22:20:40.0576 0x0480 TimeBroker - ok
22:20:40.0623 0x0480 [ 9512B0ED87A530A786B4DDB97D22DB17, 79E9BBFCFDA31BE3CCEF5A76A65CBDAF3DDDFEAE6F9DC51079A64BE5DE48A2DB ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
22:20:40.0826 0x0480 TomTomHOMEService - ok
22:20:40.0857 0x0480 [ E94F7A7B48C7638D1F3F8089344C97B7, 276CDE59614D563A52529BCC4BFC726E5F5BE131C9C4142558A644D79328C810 ] TPM C:\Windows\system32\drivers\tpm.sys
22:20:40.0920 0x0480 TPM - ok
22:20:40.0952 0x0480 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks C:\Windows\System32\trkwks.dll
22:20:41.0014 0x0480 TrkWks - ok
22:20:41.0092 0x0480 [ 8ABBB5CE0C62E0A6D28F32F44B7F865C, 4C78FE2A4A25A758D5191C4EDB2A6FE691FF82E7C16C0F146DC96DAD87D4F64E ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:20:41.0155 0x0480 TrustedInstaller - ok
22:20:41.0186 0x0480 [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:20:41.0249 0x0480 TsUsbFlt - ok
22:20:41.0264 0x0480 [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
22:20:41.0327 0x0480 TsUsbGD - ok
22:20:41.0405 0x0480 [ 41A3F69FBB7CA37A3FC5CD8EF424F199, E83A0E3AF39377C770DE2F2364E45C3F4B52AA2A6A14CC2C37DF7826227611E2 ] TuneUp.Defrag C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
22:20:41.0546 0x0480 TuneUp.Defrag - ok
22:20:41.0655 0x0480 [ EBA3ABFFDADA40A2B590ADEF1A24CA24, 4EB33A975C557DCC9AA818243F332E02A08350C8930D9B1B75B952DEE143D5B0 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
22:20:41.0842 0x0480 TuneUp.UtilitiesSvc - ok
22:20:41.0858 0x0480 [ DCC94C51D27C7EC0DADECA8F64C94FCF, 90C978C2284C9BDE3EFA1124616D824E0C361C388293FA22DBC8C3B70C920574 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
22:20:41.0905 0x0480 TuneUpUtilitiesDrv - ok
22:20:41.0952 0x0480 [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:20:42.0030 0x0480 tunnel - ok
22:20:42.0046 0x0480 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:20:42.0108 0x0480 uagp35 - ok
22:20:42.0139 0x0480 [ 6FD6D03B7752C78712E5CFF29A305026, F09C5188AAFCF4C77B05BA1E604F9912782A9F1371F72F959288EBC2725407ED ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
22:20:42.0186 0x0480 UASPStor - ok
22:20:42.0233 0x0480 [ 061BA3EE0D2BE17944990544008CF190, C9236D368EC2281B545E8C008BC2801F21A9716ED3D4DAEDB0751A5008346E81 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
22:20:42.0296 0x0480 UCX01000 - ok
22:20:42.0342 0x0480 [ 25C50F4EDF70D0A831E0566BD181CCF2, F2F9E86FB5617C16077D2073EC0AA747F76F1EB5148BA110347A84F3C3569F83 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:20:42.0436 0x0480 udfs - ok
22:20:42.0468 0x0480 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D, 16DE6E0894C356A58AF12BEC2FE9B188F147DD4B16CB2414DE600CE4127F929D ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:20:42.0546 0x0480 UI0Detect - ok
22:20:42.0593 0x0480 [ 07FEBCDF24FABA0D47B635D85A0FFB7A, 452C04B14681EBCE8B1B25B75A1B7CC978722B7DDE54D624E17841B14ACCF65D ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:20:42.0639 0x0480 uliagpkx - ok
22:20:42.0655 0x0480 [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] umbus C:\Windows\System32\drivers\umbus.sys
22:20:42.0718 0x0480 umbus - ok
22:20:42.0749 0x0480 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09, 30AAD7D18FF5962CEC7180359D148EED5A1BF193DDB2B34508897FC3EBA692C3 ] UmPass C:\Windows\System32\drivers\umpass.sys
22:20:42.0796 0x0480 UmPass - ok
22:20:42.0843 0x0480 [ 43FEFB040A0CC30F795FBF544169594D, F2A730C0F7C883321C378D4564120A40428D7F8E393F02C8D6A08934795A35C7 ] UmRdpService C:\Windows\System32\umrdp.dll
22:20:42.0921 0x0480 UmRdpService - ok
22:20:43.0030 0x0480 [ E1A119AD21F5AFE22EB516C549306D3D, 48769D5E7A78B7A2C00F1F6798AC133CF3E0B2C76F71D3719BD741DDD8F2D229 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:20:43.0124 0x0480 UNS - ok
22:20:43.0186 0x0480 [ 14D22C411854AA2560AFC94CD2D5E61F, BB376734733671C02319E6DB1800D41212694446FD65465498C92D4ECBFE7458 ] upnphost C:\Windows\System32\upnphost.dll
22:20:43.0327 0x0480 upnphost - ok
22:20:43.0374 0x0480 [ C976C4306F9AE133D6BBD47FDFC3BF92, 820413D92D6A89055A7F26523BF5CC4B668610C4A06E8B0D163FBF929B1DFA9A ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
22:20:43.0436 0x0480 usbccgp - ok
22:20:43.0452 0x0480 [ 427B6DB8C05A5A977E8C3525370A2595, C67222CA9123AE12D953995326B3B582C146CEA89594B7209DB0B1F628A0118D ] usbcir C:\Windows\System32\drivers\usbcir.sys
22:20:43.0514 0x0480 usbcir - ok
22:20:43.0561 0x0480 [ B24FDEB1B18496F1B463782235AA3AF1, 3F5036F36987C8007D03DAFC3EC30615515BE96D9A1DF879BCD4EB0E66CD50B1 ] usbehci C:\Windows\System32\drivers\usbehci.sys
22:20:43.0608 0x0480 usbehci - ok
22:20:43.0671 0x0480 [ F8C2A832DF9403F5EA8080CBDBDA95FB, 50E9455465672BC13EB945BEC132D2F30BA2EB25C68928D2B4C256F2DB292A83 ] usbhub C:\Windows\System32\drivers\usbhub.sys
22:20:43.0780 0x0480 usbhub - ok
22:20:43.0827 0x0480 [ E5F7328B1D29BCE791862CD3C0DD382A, E520D75CA6E4EDB06F576D97FB6B7CFD46A3EF3A3AC881537DE3BB8C862FE8C3 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
22:20:43.0921 0x0480 USBHUB3 - ok
22:20:43.0952 0x0480 [ 325F6179009B5A7F6118951A5BA422AB, 756CB2893530485E8C3ACFF5A40F4C6EB446E72B2296E8772058E407A5E066DE ] usbohci C:\Windows\System32\drivers\usbohci.sys
22:20:44.0014 0x0480 usbohci - ok
22:20:44.0046 0x0480 [ 9FDBA6982582A6F2354144980F641E7B, 054A65412CB22C5BE970FD3A266E140110D869B614B9F9894628D553CE82C991 ] usbprint C:\Windows\System32\drivers\usbprint.sys
22:20:44.0124 0x0480 usbprint - ok
22:20:44.0124 0x0480 [ AD91D1BBE5D3CF4501887DC1C09384FD, ED9E27CD1D52401087427EC20E389FBE2497193483C2E53E8DE5D70DACF5D928 ] usbscan C:\Windows\System32\drivers\usbscan.sys
22:20:44.0186 0x0480 usbscan - ok
22:20:44.0233 0x0480 [ BFC7FE4AAEB61317A921871B4085EF4B, CBC3FBAEAD6C82A437CC87A97007EF807C64053AB8FA5C3233C2A0CF6FC8D019 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
22:20:44.0296 0x0480 USBSTOR - ok
22:20:44.0311 0x0480 [ 1ABF657259DB57F7E5558E4DF1357C0C, 34EAF5DEA3293CFA96BA81B036305FD90ABAE05B9CB73D4F54FB236448C1978C ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
22:20:44.0374 0x0480 usbuhci - ok
22:20:44.0421 0x0480 [ 9EF7C01D3ACCBC243B5CB1A95865B2FF, 367A7640B4992E68EB3E1BBD78D3014742F4CC4056750E389048C653251DAD33 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:20:44.0499 0x0480 usbvideo - ok
22:20:44.0530 0x0480 [ 8DC398D7B8E02C929A2096E74A170970, 87B3CE84D05F50C33935B28F0AFF1CB15DAA4530768BA1FB25C311609CD4B0A5 ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
22:20:44.0608 0x0480 USBXHCI - ok
22:20:44.0639 0x0480 [ 9AD9560606A3049CE492E3A06FB12716, D154976648BC3F6B3E3B8E055ECF18C6BE93359B3F679D9BFC5430E4746CB52E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
22:20:44.0686 0x0480 usb_rndisx - ok
22:20:44.0718 0x0480 [ 9AC0C072FD7EDE138842BEF7DA73B0E6, AD4E053B47111FFDF9CEE8AD183A8833E04879DB78592E59F2AF74545BD59EB7 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
22:20:44.0780 0x0480 UxTuneUp - ok
22:20:44.0796 0x0480 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] VaultSvc C:\Windows\system32\lsass.exe
22:20:44.0843 0x0480 VaultSvc - ok
22:20:44.0858 0x0480 [ BACECBFF9C97F7627A60B0E0F1FE7EE8, DC82F767D066B93A48A090DC7146EBCCDC54B43C6CD9DF29A160E09E3A531DC8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:20:44.0905 0x0480 vdrvroot - ok
22:20:44.0968 0x0480 [ 1B4488988E5E7512E6C5CD1255E9E973, B82C26E767A8895CFFD76C11D07D5C945C38E1BD32CC27D20A6C0FA7F6064FC5 ] vds C:\Windows\System32\vds.exe
22:20:45.0077 0x0480 vds - ok
22:20:45.0108 0x0480 [ 74FA2D4368DE6F6CE14393EDF1F342BE, C5CE4164B2C3D583A7FB8687ADEADCDB08D36A5AB1965E5FC6949AEED15881C8 ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
22:20:45.0171 0x0480 VerifierExt - ok
22:20:45.0218 0x0480 [ 500BE6B2E49883720D0AE8BB859ED7A3, 4606B02A3E8123510676E554635EB5ECF9DC5F2B83928710C8563787C52CC102 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
22:20:45.0311 0x0480 vhdmp - ok
22:20:45.0343 0x0480 [ F5B4A14B00E89250C50982AC762DDD1D, 581CD97DD42E74A82F06BFB827DFC82618B4A8667ACA7E93C628BB0D056CE8F0 ] viaide C:\Windows\system32\drivers\viaide.sys
22:20:45.0390 0x0480 viaide - ok
22:20:45.0421 0x0480 [ 78DB50F7329F6D1311658DABFFFC8BE0, 8CB0C831608033C4BC1D2DA7FAA7D429333A3654E76A989F7AF85BFC5F086BE9 ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:20:45.0483 0x0480 vmbus - ok
22:20:45.0499 0x0480 [ ECFEE2F2BA3932C7880D1A8F67D68F91, 57DCD55A518A9FBDEF72B511C643B1062C3F7BD339F4B0FC19E9D84C615B968D ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
22:20:45.0561 0x0480 VMBusHID - ok
22:20:45.0608 0x0480 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicheartbeat C:\Windows\System32\ICSvc.dll
22:20:45.0686 0x0480 vmicheartbeat - ok
22:20:45.0718 0x0480 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmickvpexchange C:\Windows\System32\ICSvc.dll
22:20:45.0780 0x0480 vmickvpexchange - ok
22:20:45.0796 0x0480 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicrdv C:\Windows\System32\ICSvc.dll
22:20:45.0858 0x0480 vmicrdv - ok
22:20:45.0890 0x0480 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicshutdown C:\Windows\System32\ICSvc.dll
22:20:45.0952 0x0480 vmicshutdown - ok
22:20:45.0968 0x0480 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmictimesync C:\Windows\System32\ICSvc.dll
22:20:46.0030 0x0480 vmictimesync - ok
22:20:46.0061 0x0480 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicvss C:\Windows\System32\ICSvc.dll
22:20:46.0124 0x0480 vmicvss - ok
22:20:46.0155 0x0480 [ CB60FAAED8B49B812EBBF77EB87D9B18, ADA7C68D4C4981555ED48981E8B7ACBEEF5C39F902EB98782FC3DFF495FE0C33 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:20:46.0186 0x0480 volmgr - ok
22:20:46.0218 0x0480 [ A74101DA9809251BCD0E5A26BAE0F824, 15A3A7CC31A13C5882812C344D0937A8A4503D12DB07B9F7F2A8191B739CDBF7 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:20:46.0296 0x0480 volmgrx - ok
22:20:46.0327 0x0480 [ 78A5BBA3819FFFC62FFEC3E2220D102D, A95797B97D576374C2CDA8A09E6C51A89BADE428AAA89D5093579C85062E5874 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:20:46.0390 0x0480 volsnap - ok
22:20:46.0405 0x0480 [ A8DA1C1B52ECEA3726DEBED4FF1B700D, 75C024EC3858DF24FB82FE105BDD1E37900D53EFE9D72F42CDDFFD0742525586 ] vpci C:\Windows\System32\drivers\vpci.sys
22:20:46.0483 0x0480 vpci - ok
22:20:46.0515 0x0480 [ 38A60CD9C009C55C6D3B5586F8E6A353, 7F7E2AE39F1A0A5245650911E310E0948BC22A18262A16FA76B44A042D66312D ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:20:46.0577 0x0480 vsmraid - ok
22:20:46.0686 0x0480 [ D0C69E44BC1E1D4AD290FD84104623D8, 4C86760EA4BD2A64FFD42D89284EC3E5048CB2F0F6F3B80D017B41C0D2456A90 ] VSS C:\Windows\system32\vssvc.exe
22:20:46.0858 0x0480 VSS - ok
22:20:46.0905 0x0480 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC, AC2F3C70EDCA0AFBB2606267DFE6D3E8E7B0772140153BAD6B0A9EDE6A1D2F29 ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
22:20:46.0968 0x0480 VSTXRAID - ok
22:20:47.0015 0x0480 [ 62460A45435A26A334907E3F2EA45611, FEF86E05117CC0AAB8211CA1542776EB620BD4699BD590D91F16621ED35B9824 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:20:47.0061 0x0480 vwifibus - ok
22:20:47.0093 0x0480 [ 095E943D27025E4D588AF0A72CC2318F, 3CE406A202F93EF8C4BC7317621A672670D734C69166393CA7256D5E5E667041 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:20:47.0140 0x0480 vwififlt - ok
22:20:47.0155 0x0480 [ 73FA1A41A97A5C34ADC03B3577FF1A86, CBA4BC0DA837C163587BBB4BF2AC1549C72440307C984D3CDF8995023718136C ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:20:47.0202 0x0480 vwifimp - ok
22:20:47.0249 0x0480 [ F690B6EEAA94576727B24376D7ED3601, A61EE96024C8FC4058481DFB1E7F0AD746565368672FA3B6BA8F9E23D0F47E4C ] W32Time C:\Windows\system32\w32time.dll
22:20:47.0343 0x0480 W32Time - ok
22:20:47.0374 0x0480 [ 6B806E893714019969E2B50D7EF6A4D9, 38FE2B01082DC4C2A0C11A292016A727F48C3DF1293DC3A0216B2254A452263F ] WacomPen C:\Windows\System32\drivers\wacompen.sys
22:20:47.0452 0x0480 WacomPen - ok
22:20:47.0483 0x0480 [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:20:47.0546 0x0480 Wanarp - ok
22:20:47.0562 0x0480 [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:20:47.0593 0x0480 Wanarpv6 - ok
22:20:47.0718 0x0480 [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine C:\Windows\system32\wbengine.exe
22:20:47.0874 0x0480 wbengine - ok
22:20:47.0921 0x0480 [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:20:47.0999 0x0480 WbioSrvc - ok
22:20:48.0062 0x0480 [ AF1349386D4C6786EF4E34FACEF15042, 6B33778409BC54C1955B92508ADDEBAFD629141961B71C94A91DC4CFE8391A13 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
22:20:48.0108 0x0480 Wcmsvc - ok
22:20:48.0171 0x0480 [ 5B5FEAB51172F5513C2CF7B39CFA6A01, 4FDAC5168E00D44781C6F5D98ECD4977A12663C5CE6FFDFF9DBC89A28D6212D8 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:20:48.0296 0x0480 wcncsvc - ok
22:20:48.0327 0x0480 [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:20:48.0390 0x0480 WcsPlugInService - ok
22:20:48.0421 0x0480 [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd C:\Windows\system32\drivers\wd.sys
22:20:48.0468 0x0480 Wd - ok
22:20:48.0499 0x0480 [ 3772FF85F0098686B0DCD77076AE0786, 8B0221F6003C53856676FFD9CDCFF43DF29B410AB2F340C10BB858F0E6EC14CE ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
22:20:48.0562 0x0480 WdBoot - ok
22:20:48.0624 0x0480 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:20:48.0733 0x0480 Wdf01000 - ok
22:20:48.0765 0x0480 [ AB6F7DE8BFBF61A42F8764D9A621BD8B, DEFDC9FDC0B234403EE1339105B8D12B486D77B3BA01A703339B5DB8B95FA4D8 ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
22:20:48.0858 0x0480 WdFilter - ok
22:20:48.0905 0x0480 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:20:48.0983 0x0480 WdiServiceHost - ok
22:20:48.0983 0x0480 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:20:49.0062 0x0480 WdiSystemHost - ok
22:20:49.0093 0x0480 [ 9B1384CE8E681D2D77BB3524B8E86311, BDEF9D0A79A7C26A88088A306F91632F300E587736CDD2C64717EC54DD6E89FF ] WebClient C:\Windows\System32\webclnt.dll
22:20:49.0202 0x0480 WebClient - ok
22:20:49.0233 0x0480 [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:20:49.0374 0x0480 Wecsvc - ok
22:20:49.0390 0x0480 [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:20:49.0515 0x0480 wercplsupport - ok
22:20:49.0562 0x0480 [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc C:\Windows\System32\WerSvc.dll
22:20:49.0609 0x0480 WerSvc - ok
22:20:49.0640 0x0480 [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
22:20:49.0687 0x0480 WFPLWFS - ok
22:20:49.0734 0x0480 [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc C:\Windows\System32\wiarpc.dll
22:20:49.0812 0x0480 WiaRpc - ok
22:20:49.0843 0x0480 [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:20:49.0890 0x0480 WIMMount - ok
22:20:49.0921 0x0480 WinDefend - ok
22:20:49.0999 0x0480 [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
22:20:50.0109 0x0480 WinHttpAutoProxySvc - ok
22:20:50.0171 0x0480 [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:20:50.0249 0x0480 Winmgmt - ok
22:20:50.0452 0x0480 [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM C:\Windows\system32\WsmSvc.dll
22:20:50.0796 0x0480 WinRM - ok
22:20:50.0827 0x0480 [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
22:20:50.0905 0x0480 WinUsb - ok
22:20:51.0030 0x0480 [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc C:\Windows\System32\wlansvc.dll
22:20:51.0202 0x0480 WlanSvc - ok
22:20:51.0343 0x0480 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc C:\Windows\system32\wlidsvc.dll
22:20:51.0546 0x0480 wlidsvc - ok
22:20:51.0593 0x0480 [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
22:20:51.0624 0x0480 WmiAcpi - ok
22:20:51.0671 0x0480 [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:20:51.0765 0x0480 wmiApSrv - ok
22:20:51.0796 0x0480 WMPNetworkSvc - ok
22:20:51.0843 0x0480 [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
22:20:51.0905 0x0480 wpcfltr - ok
22:20:51.0952 0x0480 [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:20:52.0015 0x0480 WPCSvc - ok
22:20:52.0062 0x0480 [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:20:52.0124 0x0480 WPDBusEnum - ok
22:20:52.0140 0x0480 [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
22:20:52.0218 0x0480 WpdUpFltr - ok
22:20:52.0234 0x0480 [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:20:52.0312 0x0480 ws2ifsl - ok
22:20:52.0343 0x0480 [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc C:\Windows\System32\wscsvc.dll
22:20:52.0406 0x0480 wscsvc - ok
22:20:52.0421 0x0480 WSearch - ok
22:20:52.0609 0x0480 [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService C:\Windows\System32\WSService.dll
22:20:52.0859 0x0480 WSService - ok
22:20:53.0093 0x0480 [ F2463B2E9818D242B4F72B237E9BD545, 3ACD98FB3BD8E12E6A66390CF0ED88050AB90A5B888C1E55914D362E03A1EB93 ] wuauserv C:\Windows\system32\wuaueng.dll
22:20:53.0390 0x0480 wuauserv - ok
22:20:53.0437 0x0480 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:20:53.0499 0x0480 WudfPf - ok
22:20:53.0531 0x0480 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
22:20:53.0624 0x0480 WUDFRd - ok
22:20:53.0671 0x0480 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:20:53.0749 0x0480 wudfsvc - ok
22:20:53.0765 0x0480 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys
22:20:53.0827 0x0480 WUDFWpdFs - ok
22:20:53.0843 0x0480 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp C:\Windows\system32\DRIVERS\WUDFRd.sys
22:20:53.0906 0x0480 WUDFWpdMtp - ok
22:20:53.0952 0x0480 [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:20:54.0062 0x0480 WwanSvc - ok
22:20:54.0077 0x0480 ================ Scan global ===============================
22:20:54.0140 0x0480 [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\Windows\system32\basesrv.dll
22:20:54.0187 0x0480 [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\Windows\system32\winsrv.dll
22:20:54.0265 0x0480 [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\Windows\system32\sxssrv.dll
22:20:54.0327 0x0480 [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\Windows\system32\services.exe
22:20:54.0359 0x0480 [ Global ] - ok
22:20:54.0359 0x0480 ================ Scan MBR ==================================
22:20:54.0374 0x0480 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:20:54.0452 0x0480 \Device\Harddisk0\DR0 - ok
22:20:54.0452 0x0480 ================ Scan VBR ==================================
22:20:54.0468 0x0480 [ 3F21C2B0DF11EF1B4FFE2485190A194E ] \Device\Harddisk0\DR0\Partition1
22:20:54.0499 0x0480 \Device\Harddisk0\DR0\Partition1 - ok
22:20:54.0515 0x0480 [ F344480E5EA24526200E7E1602077340 ] \Device\Harddisk0\DR0\Partition2
22:20:54.0531 0x0480 \Device\Harddisk0\DR0\Partition2 - ok
22:20:54.0546 0x0480 [ 66FAA80B9274EE79831AFC0B93D4E7DB ] \Device\Harddisk0\DR0\Partition3
22:20:54.0546 0x0480 \Device\Harddisk0\DR0\Partition3 - ok
22:20:54.0562 0x0480 [ 51C8C4AF820FDD6D6A9DC364EC4E6BCF ] \Device\Harddisk0\DR0\Partition4
22:20:54.0578 0x0480 \Device\Harddisk0\DR0\Partition4 - ok
22:20:54.0593 0x0480 [ F11EED538662A443401D6D1CF44970E6 ] \Device\Harddisk0\DR0\Partition5
22:20:54.0624 0x0480 \Device\Harddisk0\DR0\Partition5 - ok
22:20:54.0656 0x0480 [ F34F79BEE88A0E6EA331225D9951F738 ] \Device\Harddisk0\DR0\Partition6
22:20:54.0671 0x0480 \Device\Harddisk0\DR0\Partition6 - ok
22:20:54.0671 0x0480 ================ Scan generic autorun ======================
22:20:54.0718 0x0480 [ 7442B612841A842A9517EBB7F5FA9893, 87BB58112310072B9BC44974AB2373181CED7A6A1D538585D327A6367D612CC0 ] C:\Windows\system32\igfxtray.exe
22:20:54.0765 0x0480 IgfxTray - ok
22:20:54.0812 0x0480 [ 7BCAA84DEB3037859716F2B7BE6EBDBE, 36795AB6DFC983D4104E5B13FEF38400FE5CEE4E2E20C75E4D7456F5E9D3C259 ] C:\Windows\system32\hkcmd.exe
22:20:54.0874 0x0480 HotKeysCmds - ok
22:20:54.0890 0x0480 [ 247C63697DAA7D49AD75F598AC9B4C91, 37548A05E61B8F2596633F1987606A1C140BC6650ABCCD5CB613BE6F4BE70E23 ] C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
22:20:54.0921 0x0480 DptfPolicyLpmServiceHelper - ok
22:20:54.0984 0x0480 [ B7BCA8A30CE13A283CDBDECEF5616C39, C734A8C3633653E0C903E7F14F574DEED763613F9E6A5CE7862D547CAE9AEDDB ] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
22:20:55.0281 0x0480 ACMON - ok
22:20:55.0531 0x0480 [ FF3ADE2620DD221C3E011DC614EA71EF, 572A0D40E30A1F8B2121B5B4AE9B46301CEF0E370318EAF1F8FC7916DE7470F2 ] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe
22:20:56.0124 0x0480 ASUSWebStorage - ok
22:20:56.0234 0x0480 [ 0751C82143C6DFCFE01A2C479DCC461B, 3BADD551BD0FDB9FBCF65BEE77A49881FB0BD0CF06702E1573F8C30702A02913 ] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
22:20:56.0374 0x0480 Sophos AutoUpdate Monitor - ok
22:20:56.0499 0x0480 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:20:56.0624 0x0480 Adobe ARM - ok
22:20:56.0687 0x0480 [ F7AD0BD4A944A97C13B196215981346C, 9CDE2D90E5BD7AF1387F8DBB9463FDE402955581CC0613AF50DFE8AF94D5FA5C ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
22:20:56.0874 0x0480 SunJavaUpdateSched - ok
22:20:56.0874 0x0480 Waiting for KSN requests completion. In queue: 225
22:20:57.0890 0x0480 Waiting for KSN requests completion. In queue: 225
22:20:58.0906 0x0480 Waiting for KSN requests completion. In queue: 225
22:20:59.0937 0x0480 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
22:20:59.0937 0x0480 AV detected via SS2: Sophos Anti-Virus, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.0.12.0 ), 0x51000 ( enabled : updated )
22:20:59.0953 0x0480 Win FW state via NFP2: enabled
22:21:02.0375 0x0480 ============================================================
22:21:02.0375 0x0480 Scan finished
22:21:02.0375 0x0480 ============================================================
22:21:02.0390 0x0c48 Detected object count: 0
22:21:02.0390 0x0c48 Actual detected object count: 0
22:21:06.0879 0x1018 Deinitialize success
|
|
08.09.2014, 18:25
| #4 |
| /// the machine /// TB-Ausbilder | Finanzamt Trojaner rechtzeitig von Sophos geblockt? und was wurde in Quarantäne geschoben?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.09.2014, 19:32
| #5 |
| | Finanzamt Trojaner rechtzeitig von Sophos geblockt? Hallo Schrauber, leider löscht bzw. eliminiert mein Sophos direkt alle Trojaner. Es war ein Trojaner mit der ID 2.2, mehr habe ich leider nicht gesehen, weil das immer nur relativ kurz als Information aufpoppt. Die betroffene Datei war im Papierkorb, den Teil vom Pfad habe ich identifiziert. Gibt es eine Möglichkeit bei Sophos die Informationen über die gelöschten Objekte herauszufinden? |
|
08.09.2014, 20:57
| #6 |
| | Finanzamt Trojaner rechtzeitig von Sophos geblockt? Edit: Sophos hat wieder angeschlagen - hier sind die Daten: Typ: Virus/ Spyware Name: Troj/DocDI-D Verzeichnis: C:\$Recycle.Bin\S-1-5-21-242285392-2585440693-653752246-1002$RH4MZA0.doc Verfügbare Maßnahme: keine Maßnahmen (Bereinigung nicht komplett abgeschlossen, manuelle Maßnahme erforderlich) Einen Screenshot habe ich angehängt - zur Verdeutlichung. Was mich beunruhigt: zum einen wird dieses Mal nicht automatisch gelöscht und zum anderen ist mein Abfalleimer ist leer, das habe ich gemacht, sobald ich gemerkt habe, dass ich etwas geöffnet habe, von dem ich besser die Finger hätte lassen sollen |
|
09.09.2014, 20:33
| #7 |
| /// the machine /// TB-Ausbilder | Finanzamt Trojaner rechtzeitig von Sophos geblockt? hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.09.2014, 19:08
| #8 |
| | Finanzamt Trojaner rechtzeitig von Sophos geblockt? Hallo Schrauber, hier ist der Log: Code:
ATTFilter ComboFix 14-09-11.01 - Pippin 10.09.2014 19:54:44.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.3982.2489 [GMT 2:00]
ausgeführt von:: c:\users\Pippin\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Disabled/Updated* {D0CA1913-188C-B293-ABD7-B72CB1814094}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\users\Pippin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{14843B06-A1FC-4CE1-AEF6-D4DA9C42523B}.xps
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI5A0A.txt
c:\windows\tmp\dd_vcredistUI5A0A.txt
c:\windows\tmp\fonts\fontdb
c:\windows\tmp\qtsingleapp-koboex-7d5-7-lockfile
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-10 bis 2014-09-10 ))))))))))))))))))))))))))))))
.
.
2014-09-10 17:59 . 2014-09-10 17:59 -------- d-----w- c:\users\Pippin\AppData\Local\temp
2014-09-10 17:59 . 2014-09-10 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-10 17:59 . 2014-09-10 17:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-09-07 19:49 . 2014-09-07 19:49 -------- d-----w- c:\programdata\Malwarebytes
2014-09-07 19:49 . 2014-09-07 20:10 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-07 19:49 . 2014-09-07 19:49 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-07 19:48 . 2014-09-07 19:48 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-07 17:22 . 2014-09-07 17:26 -------- d-----w- C:\FRST
2014-08-27 20:46 . 2014-08-23 06:47 4036096 ----a-w- c:\windows\system32\win32k.sys
2014-08-14 20:28 . 2014-08-14 20:28 189128 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2014-08-13 07:40 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-08-13 07:36 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 07:36 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 07:31 . 2014-05-03 06:34 6974808 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 17:44 . 2013-02-20 05:10 507 ----a-w- c:\users\Pippin\AppData\Roaming\sp_data.sys
2014-09-09 19:11 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-29 18:16 . 2013-10-23 20:12 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-14 18:22 . 2013-02-23 15:19 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-02 00:15 . 2013-02-24 15:00 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-02 00:15 . 2013-02-24 15:00 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-29 10:00 . 2013-02-21 04:46 36648 ----a-w- c:\windows\system32\SophosBootTasks.exe
2014-06-17 23:27 . 2014-07-30 20:07 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-30 20:07 1557504 ----a-w- c:\windows\system32\osk.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-07-06 900160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
.
c:\users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevFan.sys [x]
S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevGen.sys [x]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-12-21 06:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-29 18:18 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-29 18:18 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-29 18:18 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Pippin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2012-07-30 21888]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-08-24 107192]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-09-10 20:02:43
ComboFix-quarantined-files.txt 2014-09-10 18:02
.
Vor Suchlauf: 15 Verzeichnis(se), 126.904.721.408 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 126.862.594.048 Bytes frei
.
- - End Of File - - A8B2962E9FEF2BB76F9224551DF3362B
Allerdings hatte ich danach ein Problem, dass der Computer nicht mehr so ganz ruhig lief - Programme hingen. Neustart war auch nicht ohne Probleme möglich, ich habe nur durch gewaltsames Herunterfahren (langes Drücken der Austaste) wieder etwas machen können. Dann lief aber alles wieder. Trojaner ist immer noch in der Quarantäne bei Sophos - Maßnahmen wie eliminieren sind leider nicht möglich. Grüße Geändert von Pip2 (10.09.2014 um 19:17 Uhr) |
|
11.09.2014, 11:22
| #9 |
| /// the machine /// TB-Ausbilder | Finanzamt Trojaner rechtzeitig von Sophos geblockt? Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.09.2014, 18:05
| #10 |
| | Finanzamt Trojaner rechtzeitig von Sophos geblockt? Hallo Schrauber, scheinbar finde ich hier jeden Tag etwas neues  Beim Schan mit Malware hat mein Sophos übrigens noch Sophos ein Adware/PUA mit dem Namen NirCMD entdeckt. Bei diesem habe ich aber immerhin die Maßnahmen bereinigen/ zulassen zur Verfügung --> Soll ich bereinigen klicken? Hier sind noch die Logs: MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 11.09.2014 Suchlauf-Zeit: 17:58:20 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.11.05 Rootkit Datenbank: v2014.09.10.02 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: Pippin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 353246 Verstrichene Zeit: 17 Min, 47 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[4819eb013645a78f7b579564f70dc040] Ordner: 0 (No malicious items detected) Dateien: 3 PUP.Optional.OpenCandy, C:\Users\Pippin\Downloads\winamp563_full_emusic-7plus_de-de.exe, In Quarantäne, [6bf63cb03a4184b23000d54a867f0bf5], PUP.Optional.Firseria, C:\Users\Pippin\Downloads\Microsoft%20Office%202010.exe, In Quarantäne, [de83a745adce87afb2e20b159b6aa25e], PUP.Optional.SweetPage.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml, In Quarantäne, [352c5894b9c20a2c51e4e871f410dc24], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 18:34:29
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Pippin - PIP
# Gestartet von : C:\Users\Pippin\Desktop\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : DptfParticipantProcessorService
Dienst Gelöscht : DptfPolicyConfigTDPService
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Windows\System32\DptfParticipantProcessorService.exe
Datei Gelöscht : C:\Windows\System32\DptfPolicyConfigTDPService.exe
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [6143 octets] - [15/01/2014 23:06:36]
AdwCleaner[R1].txt - [1589 octets] - [11/09/2014 18:33:17]
AdwCleaner[S0].txt - [4007 octets] - [15/01/2014 23:08:22]
AdwCleaner[S1].txt - [1464 octets] - [11/09/2014 18:34:29]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1524 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Pippin on 11.09.2014 at 18:40:40,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Pippin\AppData\Roaming\mozilla\firefox\profiles\63282fnp.default\minidumps [18 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2014 at 18:47:38,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Pippin (administrator) on PIP on 11-09-2014 18:54:51 Running from C:\Users\Pippin\Desktop Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Dropbox, Inc.) C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] () HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Homepage: https://www.google.de/ FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-23] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [215848 2014-04-14] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139048 2014-04-14] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited) S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-02-22] (TuneUp Software) S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation) R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-04-24] (Sophos Limited) S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U0 msahci; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 18:54 - 2014-09-11 18:54 - 00016327 _____ () C:\Users\Pippin\Desktop\FRST.txt 2014-09-11 18:54 - 2014-09-11 18:54 - 00000000 ____D () C:\Users\Pippin\Desktop\FRST-OlderVersion 2014-09-11 18:47 - 2014-09-11 18:47 - 00000746 _____ () C:\Users\Pippin\Desktop\JRT.txt 2014-09-11 18:40 - 2014-09-11 18:40 - 00000000 ____D () C:\Windows\ERUNT 2014-09-11 18:39 - 2014-09-11 18:39 - 01016261 _____ (Thisisu) C:\Users\Pippin\Desktop\JRT.exe 2014-09-11 18:31 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Desktop\adwcleaner_3.309.exe 2014-09-11 18:30 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Downloads\adwcleaner_3.309.exe 2014-09-11 18:29 - 2014-09-11 18:29 - 00001783 _____ () C:\Users\Pippin\Desktop\mbam.txt 2014-09-11 17:56 - 2014-09-11 17:56 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-11 17:56 - 2014-09-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-11 17:55 - 2014-09-11 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-11 17:55 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-11 17:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-11 17:53 - 2014-09-11 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pippin\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-10 21:18 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 21:18 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-09-10 21:18 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 21:18 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 21:18 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 21:18 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 21:18 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 21:18 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 21:18 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-09-10 21:18 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-09-10 21:18 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 21:18 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 21:18 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-09-10 21:18 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 21:18 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 21:18 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-09-10 21:18 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-09-10 21:18 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 21:18 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 21:18 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 21:17 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 21:17 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 21:17 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 21:17 - 2014-08-16 11:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 21:17 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 21:17 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 21:17 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 21:17 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 21:17 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 21:12 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-09-10 21:11 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2014-09-10 21:11 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2014-09-10 21:11 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2014-09-10 21:11 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2014-09-10 21:10 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-10 21:10 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-09-10 21:10 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-09-10 21:10 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-09-10 21:10 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-09-10 21:10 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-10 21:10 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-09-10 21:10 - 2014-08-09 10:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-09-10 21:10 - 2014-08-09 10:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll 2014-09-10 20:02 - 2014-09-10 20:02 - 00018218 _____ () C:\ComboFix.txt 2014-09-10 19:52 - 2014-09-10 20:02 - 00000000 ____D () C:\Qoobox 2014-09-10 19:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-10 19:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-10 19:52 - 2009-04-20 06:56 - 00060416 _____ () C:\Windows\NIRCMD.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-10 19:51 - 2014-09-10 20:00 - 00000000 ____D () C:\Windows\erdnt 2014-09-10 19:48 - 2014-09-10 19:48 - 05576769 ____R (Swearware) C:\Users\Pippin\Desktop\ComboFix.exe 2014-09-10 19:47 - 2014-09-10 19:48 - 05576769 _____ (Swearware) C:\Users\Pippin\Downloads\ComboFix.exe 2014-09-07 22:16 - 2014-09-07 22:17 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pippin\Desktop\tdsskiller.exe 2014-09-07 21:49 - 2014-09-11 18:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-07 21:49 - 2014-09-11 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-07 21:49 - 2014-09-07 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-07 21:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-07 21:47 - 2014-09-07 22:09 - 00000000 ____D () C:\Users\Pippin\Desktop\mbar 2014-09-07 21:45 - 2014-09-07 21:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pippin\Desktop\mbar-1.07.0.1012.exe 2014-09-07 19:42 - 2014-09-07 19:42 - 00006678 _____ () C:\Users\Pippin\Desktop\gmer.txt 2014-09-07 19:24 - 2014-09-07 19:26 - 00026716 _____ () C:\Users\Pippin\Downloads\Addition.txt 2014-09-07 19:23 - 2014-09-07 19:26 - 00033010 _____ () C:\Users\Pippin\Downloads\FRST.txt 2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe 2014-09-07 19:22 - 2014-09-11 18:55 - 00000000 ____D () C:\FRST 2014-09-07 19:19 - 2014-09-11 18:54 - 02105856 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe 2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log 2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable 2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe 2014-09-04 20:07 - 2014-09-07 20:19 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417 2014-09-03 21:27 - 2014-09-08 22:00 - 00227763 _____ () C:\Users\Pippin\Desktop\Picknick.odt 2014-08-27 22:46 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-20 22:22 - 2014-08-27 22:51 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-13 09:40 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys 2014-08-13 09:36 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 09:36 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 09:33 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-13 09:33 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-13 09:33 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 09:33 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-13 09:31 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 09:31 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-13 09:31 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 09:31 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-08-13 09:31 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 09:31 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 09:31 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 09:31 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-08-13 09:31 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-08-13 09:31 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-13 09:31 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-13 09:31 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-13 09:31 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-08-13 09:31 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2014-08-13 09:31 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2014-08-13 09:31 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-08-13 09:31 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-13 09:31 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-08-13 09:31 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-08-13 09:31 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe 2014-08-13 09:31 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2014-08-13 09:31 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-08-13 09:31 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-08-13 09:31 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-08-13 09:31 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 18:55 - 2014-09-11 18:54 - 00016327 _____ () C:\Users\Pippin\Desktop\FRST.txt 2014-09-11 18:55 - 2014-09-07 19:22 - 00000000 ____D () C:\FRST 2014-09-11 18:54 - 2014-09-11 18:54 - 00000000 ____D () C:\Users\Pippin\Desktop\FRST-OlderVersion 2014-09-11 18:54 - 2014-09-07 19:19 - 02105856 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe 2014-09-11 18:47 - 2014-09-11 18:47 - 00000746 _____ () C:\Users\Pippin\Desktop\JRT.txt 2014-09-11 18:47 - 2012-11-02 13:43 - 01251961 _____ () C:\Windows\WindowsUpdate.log 2014-09-11 18:40 - 2014-09-11 18:40 - 00000000 ____D () C:\Windows\ERUNT 2014-09-11 18:39 - 2014-09-11 18:39 - 01016261 _____ (Thisisu) C:\Users\Pippin\Desktop\JRT.exe 2014-09-11 18:37 - 2013-09-02 19:47 - 00000000 ___RD () C:\Users\Pippin\Dropbox 2014-09-11 18:37 - 2013-09-02 19:43 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Dropbox 2014-09-11 18:36 - 2014-09-07 21:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-11 18:36 - 2013-02-20 07:10 - 00000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys 2014-09-11 18:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-11 18:35 - 2014-08-10 21:15 - 00005160 _____ () C:\Windows\PFRO.log 2014-09-11 18:34 - 2014-01-15 23:06 - 00000000 ____D () C:\AdwCleaner 2014-09-11 18:31 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Desktop\adwcleaner_3.309.exe 2014-09-11 18:31 - 2014-09-11 18:30 - 01370483 _____ () C:\Users\Pippin\Downloads\adwcleaner_3.309.exe 2014-09-11 18:29 - 2014-09-11 18:29 - 00001783 _____ () C:\Users\Pippin\Desktop\mbam.txt 2014-09-11 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-09-11 17:56 - 2014-09-11 17:56 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-11 17:56 - 2014-09-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-11 17:55 - 2014-09-11 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-11 17:55 - 2014-09-07 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-11 17:53 - 2014-09-11 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pippin\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-10 21:12 - 2013-02-23 17:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 20:29 - 2013-07-10 21:54 - 00000000 _____ () C:\Windows\system32\vireng.log 2014-09-10 20:02 - 2014-09-10 20:02 - 00018218 _____ () C:\ComboFix.txt 2014-09-10 20:02 - 2014-09-10 19:52 - 00000000 ____D () C:\Qoobox 2014-09-10 20:00 - 2014-09-10 19:51 - 00000000 ____D () C:\Windows\erdnt 2014-09-10 19:59 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini 2014-09-10 19:48 - 2014-09-10 19:48 - 05576769 ____R (Swearware) C:\Users\Pippin\Desktop\ComboFix.exe 2014-09-10 19:48 - 2014-09-10 19:47 - 05576769 _____ (Swearware) C:\Users\Pippin\Downloads\ComboFix.exe 2014-09-08 22:00 - 2014-09-03 21:27 - 00227763 _____ () C:\Users\Pippin\Desktop\Picknick.odt 2014-09-07 22:17 - 2014-09-07 22:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pippin\Desktop\tdsskiller.exe 2014-09-07 22:10 - 2014-09-07 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-07 22:10 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-09-07 22:09 - 2014-09-07 21:47 - 00000000 ____D () C:\Users\Pippin\Desktop\mbar 2014-09-07 21:45 - 2014-09-07 21:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pippin\Desktop\mbar-1.07.0.1012.exe 2014-09-07 20:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-09-07 20:19 - 2014-09-04 20:07 - 00000000 ____D () C:\Users\Pippin\Downloads\Steuerbericht09201417 2014-09-07 19:42 - 2014-09-07 19:42 - 00006678 _____ () C:\Users\Pippin\Desktop\gmer.txt 2014-09-07 19:26 - 2014-09-07 19:24 - 00026716 _____ () C:\Users\Pippin\Downloads\Addition.txt 2014-09-07 19:26 - 2014-09-07 19:23 - 00033010 _____ () C:\Users\Pippin\Downloads\FRST.txt 2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe 2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log 2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable 2014-09-07 19:15 - 2013-02-20 07:06 - 00000000 ____D () C:\Users\Pippin 2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe 2014-09-07 19:13 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-09-04 21:53 - 2014-08-11 20:41 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf 2014-09-04 21:53 - 2014-08-11 20:41 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien 2014-09-04 21:53 - 2013-12-20 18:07 - 00000000 ____D () C:\ProgramData\tmp 2014-09-03 21:48 - 2013-03-03 19:48 - 00000099 _____ () C:\Users\Public\LMDebug.log 2014-09-02 21:32 - 2013-02-24 17:00 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-02 21:32 - 2013-02-24 17:00 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-29 20:20 - 2013-10-23 22:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-08-28 13:34 - 2014-09-10 21:10 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-28 08:05 - 2014-09-10 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-28 08:05 - 2014-09-10 21:10 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-28 08:05 - 2014-09-10 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-28 08:05 - 2014-09-10 21:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-28 08:02 - 2014-09-10 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-28 08:01 - 2014-09-10 21:10 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-08-27 23:00 - 2012-08-03 01:02 - 00760560 _____ () C:\Windows\system32\perfh007.dat 2014-08-27 23:00 - 2012-08-03 01:02 - 00158770 _____ () C:\Windows\system32\perfc007.dat 2014-08-27 23:00 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-27 22:51 - 2014-08-20 22:22 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-27 22:49 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-08-27 22:14 - 2013-02-21 23:27 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Skype 2014-08-23 08:47 - 2014-08-27 22:46 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-08-16 11:34 - 2014-09-10 21:18 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-16 11:34 - 2014-09-10 21:18 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-08-16 11:34 - 2014-09-10 21:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-16 11:34 - 2014-09-10 21:17 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-16 11:33 - 2014-09-10 21:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-16 11:33 - 2014-09-10 21:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-16 11:33 - 2014-09-10 21:17 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-16 11:32 - 2014-09-10 21:17 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-16 11:32 - 2014-09-10 21:17 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-16 09:37 - 2014-09-10 21:18 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-16 09:37 - 2014-09-10 21:17 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-16 09:36 - 2014-09-10 21:17 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-16 09:36 - 2014-09-10 21:17 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-16 09:35 - 2014-09-10 21:18 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-14 20:25 - 2013-09-15 22:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-12 22:31 - 2013-09-02 19:47 - 00000984 _____ () C:\Users\Pippin\Desktop\Dropbox.lnk 2014-08-12 22:31 - 2013-09-02 19:44 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-12 22:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports Some content of TEMP: ==================== C:\Users\Pippin\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_idbli.dll C:\Users\Pippin\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-10 20:22 ==================== End Of Log ============================ --- --- --- Grüße |
|
12.09.2014, 10:56
| #11 |
| /// the machine /// TB-Ausbilder | Finanzamt Trojaner rechtzeitig von Sophos geblockt?ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.09.2014, 18:01
| #12 |
| | Finanzamt Trojaner rechtzeitig von Sophos geblockt? Kommt daruaf an, wie man Probleme definiert  ESET hat auf jeden Fall einiges erkannt: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1aee84dac8d4274086d5532710456ac4
# engine=20127
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-12 04:35:36
# local_time=2014-09-12 06:35:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10442435 70045847 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 86622 96299290 0 0
# scanned=262565
# found=11
# cleaned=0
# scan_time=7161
sh=1977F2F0A49C992E60324A527A5887305D48E3D7 ft=1 fh=dc889aa2aa041916 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=A0AC2EF060C27275F2C0768DAF18A02FC0A6E168 ft=0 fh=0000000000000000 vn="Archbomb.RAR Trojaner" ac=I fn="C:\Users\Pippin\Downloads\img_1559.rar"
sh=702156E8AF7BAFB68B38DC2953EFC7D1680A4573 ft=1 fh=c7fbf9e33d27a5e7 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pippin\Downloads\Microsoft Office Compatibility Pack - CHIP-Downloader.exe"
sh=33B24DBD3D844B32B332B6B3D417C7C49BDAD5E0 ft=1 fh=b5ae0809b81d5e59 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pippin\Downloads\Word Viewer - CHIP-Downloader.exe"
sh=44C75F2F955CFE8650932D5D600397C0712CD10A ft=1 fh=1ed1429be76b2d59 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="F:\exe-dateien\agsetup183se.exe"
sh=26590FB2BCD90BDE7F3C89B7AE4B684B24F74CD2 ft=1 fh=f46f5e2b9517bece vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\exe-dateien\softonic-Deutsch.exe"
sh=E4A78E59F4A86F4BFCE69DE9A846C0ED092D410B ft=1 fh=0c2a662b93c0398c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\exe-dateien\SoftonicDownloader_fuer_zonealarm-firewall.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="F:\exe-dateien\zaSetup_92_058_000_de.exe"
sh=F05DCC8AB09C37F8C922C709E221A033A2CF00AC ft=1 fh=028e89175da59869 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\Martins Mitbringsel\SoftonicDownloader_fuer_zonealarm-firewall.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="F:\Martins Mitbringsel\zaSetup_92_058_000_de.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="F:\setup.exe-dateien\zaSetup_92_058_000_de.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.87 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Defender Sophos Anti-Virus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities TuneUp Utilities Language Pack (de-DE) TuneUp Utilities Java 8 Update 5 Java version out of Date! Adobe Flash Player 14.0.0.125 Adobe Reader XI Mozilla Firefox (31.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Sophos Sophos Anti-Virus SavService.exe Sophos Sophos Anti-Virus SAVAdminService.exe Sophos Sophos Anti-Virus Web Intelligence swi_service.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Pippin (administrator) on PIP on 12-09-2014 18:53:42 Running from C:\Users\Pippin\Desktop Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Dropbox, Inc.) C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] () HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Pippin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Pippin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Homepage: https://www.google.de/ FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Pippin\AppData\Roaming\Mozilla\Firefox\Profiles\63282fnp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-23] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [215848 2014-04-14] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139048 2014-04-14] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited) S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2013-02-22] (TuneUp Software) S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation) R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-04-24] (Sophos Limited) S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U0 msahci; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-12 18:53 - 2014-09-12 18:53 - 00001198 _____ () C:\Users\Pippin\Desktop\checkup.txt 2014-09-12 18:51 - 2014-09-12 18:51 - 00854417 _____ () C:\Users\Pippin\Desktop\SecurityCheck.exe 2014-09-12 18:47 - 2014-09-12 18:47 - 00002956 _____ () C:\Users\Pippin\Desktop\ESET.txt 2014-09-12 16:25 - 2014-09-12 16:25 - 02347384 _____ (ESET) C:\Users\Pippin\Desktop\esetsmartinstaller_deu.exe 2014-09-12 16:16 - 2014-09-12 16:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-09-11 18:54 - 2014-09-12 18:53 - 00016601 _____ () C:\Users\Pippin\Desktop\FRST.txt 2014-09-11 18:54 - 2014-09-12 18:53 - 00000000 ____D () C:\Users\Pippin\Desktop\FRST-OlderVersion 2014-09-11 18:47 - 2014-09-11 18:47 - 00000746 _____ () C:\Users\Pippin\Desktop\JRT.txt 2014-09-11 18:40 - 2014-09-11 18:40 - 00000000 ____D () C:\Windows\ERUNT 2014-09-11 18:39 - 2014-09-11 18:39 - 01016261 _____ (Thisisu) C:\Users\Pippin\Desktop\JRT.exe 2014-09-11 18:31 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Desktop\adwcleaner_3.309.exe 2014-09-11 18:30 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Downloads\adwcleaner_3.309.exe 2014-09-11 18:29 - 2014-09-11 18:29 - 00001783 _____ () C:\Users\Pippin\Desktop\mbam.txt 2014-09-11 17:56 - 2014-09-11 17:56 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-11 17:56 - 2014-09-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-11 17:55 - 2014-09-11 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-11 17:55 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-11 17:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-11 17:53 - 2014-09-11 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pippin\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-10 21:18 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 21:18 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-09-10 21:18 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 21:18 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 21:18 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 21:18 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 21:18 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 21:18 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 21:18 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 21:18 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 21:18 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-09-10 21:18 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-09-10 21:18 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 21:18 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 21:18 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-09-10 21:18 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 21:18 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 21:18 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-09-10 21:18 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-09-10 21:18 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 21:18 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 21:18 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 21:17 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 21:17 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 21:17 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 21:17 - 2014-08-16 11:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 21:17 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 21:17 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 21:17 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 21:17 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 21:17 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 21:12 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-09-10 21:11 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2014-09-10 21:11 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2014-09-10 21:11 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2014-09-10 21:11 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2014-09-10 21:10 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-10 21:10 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-09-10 21:10 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-09-10 21:10 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-09-10 21:10 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-09-10 21:10 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-10 21:10 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-09-10 21:10 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-09-10 21:10 - 2014-08-09 10:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-09-10 21:10 - 2014-08-09 10:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll 2014-09-10 20:02 - 2014-09-10 20:02 - 00018218 _____ () C:\ComboFix.txt 2014-09-10 19:52 - 2014-09-10 20:02 - 00000000 ____D () C:\Qoobox 2014-09-10 19:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-10 19:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-10 19:52 - 2009-04-20 06:56 - 00060416 _____ () C:\Windows\NIRCMD.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-10 19:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-10 19:51 - 2014-09-10 20:00 - 00000000 ____D () C:\Windows\erdnt 2014-09-10 19:48 - 2014-09-10 19:48 - 05576769 ____R (Swearware) C:\Users\Pippin\Desktop\ComboFix.exe 2014-09-10 19:47 - 2014-09-10 19:48 - 05576769 _____ (Swearware) C:\Users\Pippin\Downloads\ComboFix.exe 2014-09-07 22:16 - 2014-09-07 22:17 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pippin\Desktop\tdsskiller.exe 2014-09-07 21:49 - 2014-09-12 16:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-07 21:49 - 2014-09-11 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-07 21:49 - 2014-09-07 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-07 21:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-07 21:47 - 2014-09-07 22:09 - 00000000 ____D () C:\Users\Pippin\Desktop\mbar 2014-09-07 21:45 - 2014-09-07 21:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pippin\Desktop\mbar-1.07.0.1012.exe 2014-09-07 19:42 - 2014-09-07 19:42 - 00006678 _____ () C:\Users\Pippin\Desktop\gmer.txt 2014-09-07 19:24 - 2014-09-07 19:26 - 00026716 _____ () C:\Users\Pippin\Downloads\Addition.txt 2014-09-07 19:23 - 2014-09-07 19:26 - 00033010 _____ () C:\Users\Pippin\Downloads\FRST.txt 2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe 2014-09-07 19:22 - 2014-09-12 18:53 - 00000000 ____D () C:\FRST 2014-09-07 19:19 - 2014-09-11 18:54 - 02105856 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe 2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log 2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable 2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe 2014-09-03 21:27 - 2014-09-08 22:00 - 00227763 _____ () C:\Users\Pippin\Desktop\Picknick.odt 2014-08-27 22:46 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-20 22:22 - 2014-08-27 22:51 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-13 09:40 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys 2014-08-13 09:36 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 09:36 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 09:33 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-13 09:33 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-13 09:33 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 09:33 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-13 09:31 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 09:31 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-13 09:31 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 09:31 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-08-13 09:31 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 09:31 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-13 09:31 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 09:31 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-08-13 09:31 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-08-13 09:31 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-13 09:31 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-13 09:31 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-13 09:31 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-08-13 09:31 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2014-08-13 09:31 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2014-08-13 09:31 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-08-13 09:31 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-13 09:31 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-08-13 09:31 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-08-13 09:31 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe 2014-08-13 09:31 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2014-08-13 09:31 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-08-13 09:31 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-08-13 09:31 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-08-13 09:31 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-12 18:54 - 2014-09-11 18:54 - 00016601 _____ () C:\Users\Pippin\Desktop\FRST.txt 2014-09-12 18:53 - 2014-09-12 18:53 - 00001198 _____ () C:\Users\Pippin\Desktop\checkup.txt 2014-09-12 18:53 - 2014-09-11 18:54 - 00000000 ____D () C:\Users\Pippin\Desktop\FRST-OlderVersion 2014-09-12 18:53 - 2014-09-07 19:22 - 00000000 ____D () C:\FRST 2014-09-12 18:51 - 2014-09-12 18:51 - 00854417 _____ () C:\Users\Pippin\Desktop\SecurityCheck.exe 2014-09-12 18:47 - 2014-09-12 18:47 - 00002956 _____ () C:\Users\Pippin\Desktop\ESET.txt 2014-09-12 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-09-12 16:36 - 2012-11-02 13:43 - 01272839 _____ () C:\Windows\WindowsUpdate.log 2014-09-12 16:35 - 2012-08-03 01:02 - 00760560 _____ () C:\Windows\system32\perfh007.dat 2014-09-12 16:35 - 2012-08-03 01:02 - 00158770 _____ () C:\Windows\system32\perfc007.dat 2014-09-12 16:35 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-12 16:25 - 2014-09-12 16:25 - 02347384 _____ (ESET) C:\Users\Pippin\Desktop\esetsmartinstaller_deu.exe 2014-09-12 16:17 - 2013-09-02 19:47 - 00000000 ___RD () C:\Users\Pippin\Dropbox 2014-09-12 16:17 - 2013-09-02 19:43 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Dropbox 2014-09-12 16:16 - 2014-09-12 16:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-09-12 16:16 - 2014-09-07 21:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-12 16:16 - 2013-02-20 07:10 - 00000507 _____ () C:\Users\Pippin\AppData\Roaming\sp_data.sys 2014-09-11 18:54 - 2014-09-07 19:19 - 02105856 _____ (Farbar) C:\Users\Pippin\Desktop\FRST64.exe 2014-09-11 18:47 - 2014-09-11 18:47 - 00000746 _____ () C:\Users\Pippin\Desktop\JRT.txt 2014-09-11 18:40 - 2014-09-11 18:40 - 00000000 ____D () C:\Windows\ERUNT 2014-09-11 18:39 - 2014-09-11 18:39 - 01016261 _____ (Thisisu) C:\Users\Pippin\Desktop\JRT.exe 2014-09-11 18:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-11 18:35 - 2014-08-10 21:15 - 00005160 _____ () C:\Windows\PFRO.log 2014-09-11 18:34 - 2014-01-15 23:06 - 00000000 ____D () C:\AdwCleaner 2014-09-11 18:31 - 2014-09-11 18:31 - 01370483 _____ () C:\Users\Pippin\Desktop\adwcleaner_3.309.exe 2014-09-11 18:31 - 2014-09-11 18:30 - 01370483 _____ () C:\Users\Pippin\Downloads\adwcleaner_3.309.exe 2014-09-11 18:29 - 2014-09-11 18:29 - 00001783 _____ () C:\Users\Pippin\Desktop\mbam.txt 2014-09-11 17:56 - 2014-09-11 17:56 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-11 17:56 - 2014-09-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-11 17:55 - 2014-09-11 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-11 17:55 - 2014-09-07 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-11 17:53 - 2014-09-11 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pippin\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-10 21:23 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-09-10 21:17 - 2013-09-15 22:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 21:12 - 2013-02-23 17:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 20:29 - 2013-07-10 21:54 - 00000000 _____ () C:\Windows\system32\vireng.log 2014-09-10 20:02 - 2014-09-10 20:02 - 00018218 _____ () C:\ComboFix.txt 2014-09-10 20:02 - 2014-09-10 19:52 - 00000000 ____D () C:\Qoobox 2014-09-10 20:00 - 2014-09-10 19:51 - 00000000 ____D () C:\Windows\erdnt 2014-09-10 19:59 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini 2014-09-10 19:48 - 2014-09-10 19:48 - 05576769 ____R (Swearware) C:\Users\Pippin\Desktop\ComboFix.exe 2014-09-10 19:48 - 2014-09-10 19:47 - 05576769 _____ (Swearware) C:\Users\Pippin\Downloads\ComboFix.exe 2014-09-08 22:00 - 2014-09-03 21:27 - 00227763 _____ () C:\Users\Pippin\Desktop\Picknick.odt 2014-09-07 22:17 - 2014-09-07 22:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pippin\Desktop\tdsskiller.exe 2014-09-07 22:10 - 2014-09-07 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-07 22:10 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-09-07 22:09 - 2014-09-07 21:47 - 00000000 ____D () C:\Users\Pippin\Desktop\mbar 2014-09-07 21:45 - 2014-09-07 21:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Pippin\Desktop\mbar-1.07.0.1012.exe 2014-09-07 20:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-09-07 19:42 - 2014-09-07 19:42 - 00006678 _____ () C:\Users\Pippin\Desktop\gmer.txt 2014-09-07 19:26 - 2014-09-07 19:24 - 00026716 _____ () C:\Users\Pippin\Downloads\Addition.txt 2014-09-07 19:26 - 2014-09-07 19:23 - 00033010 _____ () C:\Users\Pippin\Downloads\FRST.txt 2014-09-07 19:23 - 2014-09-07 19:23 - 00380416 _____ () C:\Users\Pippin\Downloads\jyff14mu.exe 2014-09-07 19:15 - 2014-09-07 19:15 - 00000474 _____ () C:\Users\Pippin\Downloads\defogger_disable.log 2014-09-07 19:15 - 2014-09-07 19:15 - 00000000 _____ () C:\Users\Pippin\defogger_reenable 2014-09-07 19:15 - 2013-02-20 07:06 - 00000000 ____D () C:\Users\Pippin 2014-09-07 19:13 - 2014-09-07 19:13 - 00050477 _____ () C:\Users\Pippin\Downloads\Defogger.exe 2014-09-07 19:13 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-09-04 21:53 - 2014-08-11 20:41 - 00144038 _____ () C:\Users\Pippin\Desktop\FFT 2013_fertig.mcf 2014-09-04 21:53 - 2014-08-11 20:41 - 00000000 ____D () C:\Users\Pippin\Desktop\FFT 2013_fertig_mcf-Dateien 2014-09-04 21:53 - 2013-12-20 18:07 - 00000000 ____D () C:\ProgramData\tmp 2014-09-03 21:48 - 2013-03-03 19:48 - 00000099 _____ () C:\Users\Public\LMDebug.log 2014-09-02 21:32 - 2013-02-24 17:00 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-02 21:32 - 2013-02-24 17:00 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-29 20:20 - 2013-10-23 22:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-08-28 13:34 - 2014-09-10 21:10 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-28 08:05 - 2014-09-10 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-28 08:05 - 2014-09-10 21:10 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-28 08:05 - 2014-09-10 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-28 08:05 - 2014-09-10 21:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-28 08:02 - 2014-09-10 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-28 08:01 - 2014-09-10 21:10 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-28 08:01 - 2014-09-10 21:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-08-27 22:51 - 2014-08-20 22:22 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-27 22:14 - 2013-02-21 23:27 - 00000000 ____D () C:\Users\Pippin\AppData\Roaming\Skype 2014-08-23 08:47 - 2014-08-27 22:46 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-08-20 22:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-08-16 11:34 - 2014-09-10 21:18 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-16 11:34 - 2014-09-10 21:18 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-08-16 11:34 - 2014-09-10 21:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-16 11:34 - 2014-09-10 21:17 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-16 11:33 - 2014-09-10 21:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-16 11:33 - 2014-09-10 21:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-16 11:33 - 2014-09-10 21:17 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-16 11:32 - 2014-09-10 21:18 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-16 11:32 - 2014-09-10 21:17 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-16 11:32 - 2014-09-10 21:17 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-16 09:37 - 2014-09-10 21:18 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-16 09:37 - 2014-09-10 21:17 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-16 09:36 - 2014-09-10 21:18 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-16 09:36 - 2014-09-10 21:17 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-16 09:36 - 2014-09-10 21:17 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-16 09:35 - 2014-09-10 21:18 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl Some content of TEMP: ==================== C:\Users\Pippin\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpigipnj.dll C:\Users\Pippin\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-10 20:22 ==================== End Of Log ============================ --- --- --- Und bei meinem Sophos ist immer noch der Trojaner vom leeren Papierkorb und der Adware/ PUA in der Quarantäe - zweiteren kann ich bereinigen lassen, wenn ich es will. Aber Probleme habe ich nicht, nur Herausforderungen, die ich dummerweise auch noch selber eingebrockt habe  |
|
13.09.2014, 15:19
| #13 |
| /// the machine /// TB-Ausbilder | Finanzamt Trojaner rechtzeitig von Sophos geblockt? In QUarantäne ist doch schön, dafür is sie ja da. Leere den Downloadordner, siehe ESET Log. und hör auf bei Chip oder Softonic zu laden. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.09.2014, 19:11
| #14 |
| | Finanzamt Trojaner rechtzeitig von Sophos geblockt? Hallo Schrauber, vielen Dank für die Hilfe und die Tipps  Aber eine Frage habe ich noch: eigentlich dachte ich immer Chip sei ein sicherer Download-Ort - deshalb habe ich dort auch immer sehr viele Sachen geholt  Wenn das nicht der Fall ist: wo sollte man denn dann laden?Danke noch einmal und Grüße  |
|
14.09.2014, 12:31
| #15 |
| /// the machine /// TB-Ausbilder | Finanzamt Trojaner rechtzeitig von Sophos geblockt? Du musst bei Chip aufpassen ohne Ende seit die den Drecks Downloadmanager eingeführt haben. Filepony.de ist unsere Seite, wenn Dir dort ein Download fehlt einfach Bescheid geben http://www.trojaner-board.de/157635-...s-richtig.html
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Finanzamt Trojaner rechtzeitig von Sophos geblockt? |
| fehlercode 0x5, nodrives, office 365, pup.optional.firseria, pup.optional.opencandy, pup.optional.qone8, pup.optional.sweetpage.a, sweet-page, sweet-page entfernen, sweetpage, sweetpage entfernen, win32/adware.adon, win32/downloadsponsor.a, win32/softonicdownloader.a, win32/toolbar.conduit.ai, win32/toolbar.conduit.b, win64/systweak.a |
WARNUNG an die MITLESER: 
Linear-Darstellung
