Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7 träge und ständig neue Maleware

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 03.01.2015, 09:55   #1
Espelkamper
 
Windows 7 träge und ständig neue Maleware - Standard

Windows 7 träge und ständig neue Maleware



Hallo zusammen,
also mein Acer-Notebook mit Windows 7 Home Premium SP1 x64 mit Internet-Explorer 9 bzw. 11 läuft in letzter Zeit sehr träge und im Roaming-Ordner finden sich ständig neue Ordner mit kryptischen Namen und ebenso kryptsichen Dateien darin, die nach Analyse durch Avira als Malware eingestuft werden.
Habe die hier erwähnten ersten Schritte fast befolgt, laut Log wäre die neth.dll verdächtig sowie die explorer.exe in serbischer Sprache, dabei handelt es sich um eine deutsche Windowsinstallation.
Beim Durchlauf von c't Desinfec't 2014 wird in der Standardeinstellung (mit Avira AntiVir und Bitdefender) nicht viel angezeigt.
Mit Desinfec't habe ich jedesmal die unbekannten Ordner von der Festplatte C: auf eine Micro-SD-Karte F: verschoben (D: ist das DVD-CD-Laufwerk, E: ein USB-Stick).
Dann Windows neugestartet und die entsprechenden Einträge in HKLM\...\Run sowie HKCU\...\Run entfernt (zuvor noch den Schlüssel "Run" exportiert) und Windows neugestartet.
Aber nach kurzer Zeit stehen im Roaming-Ordner wieder neue Dateien.
Zwischenzeitlich habe ich den Internet-Explorer 11 installiert.
Welches wäre nun der nächste Schritt?
Nach dem Kauf des Notebooks habe ich zwei Recovery-DVDs erstellt und gut versteckt.
Gruß,
Espelkamper

Da das Anhängen der Log-Files mit dem Android-Tablet hier nicht wie beschrieben funktioniert, befinden sich im Anhang folgende Dateien:
Defogger_disable.log
FRST.txt
Addition.txt
GMER.txt
Scan-Ergebnis-20141231-2045.html (jüngster Bericht von Desinfec't)
Bei Bedarf kann ich noch weitere Scan-Ergebnisse, die Avira-Analysen sowie die exportierten Registry-Einträge anhängen.

defogger_disable.log
[CODE]D

Als Virenscanner habe ich Avira AntiVir Free installiert.

Geändert von Espelkamper (03.01.2015 um 10:39 Uhr) Grund: Log-Files über Android-Tablet angehängt, Avira FreeAv Echzeitschutz ergänzt, (F:) ergab Smiley

Alt 03.01.2015, 11:16   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 träge und ständig neue Maleware - Standard

Windows 7 träge und ständig neue Maleware



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 03.01.2015, 12:13   #3
Espelkamper
 
Windows 7 träge und ständig neue Maleware - Standard

defogger_disable.log



Hallo Schrauber,
danke für die schnelle Antwort.
Also dann probiere ich es nochmal mit den Log-Dateien.
Gruß,
Espelkamper

[CODE]
d

Nächster Versuch mit dem Total Commander Editor, nachdem es mit dem ES Editor nicht zu funktionieren scheint.

[CODE]d

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)

Log created at 19:18 on 02/01/2015 (Travel Mate)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
         
Nach dem Öffnen im Browser, dann alles markieren, kopieren, zurück zum Posting, # und einfügen scheint es zu klappen.


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by Travel Mate (administrator) on ACERTM on 02-01-2015 18:41:38 Running from C:\Users\Travel Mate\Desktop\AV Loaded Profile: Travel Mate (Available profiles: Travel Mate) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\sched.exe (Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\avguard.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\avgnt.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1097808 2011-04-19] (Dritek System Inc.) HKLM-x32\...\Run: [avgnt] => C:\Anwendungen\Avira\AntiVir Desktop\avgnt.exe [281768 2010-08-02] (Avira GmbH) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe [417480 2012-12-17] (Adobe Systems Incorporated) HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\Policies\Explorer: [NoDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q= {searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q= {searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox: ======== FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Anwendungen\VLC\npvlc.dll (VideoLAN) FF StartMenuInternet: FIREFOX.EXE - C:\Anwendungen\Firefox\firefox.exe

Chrome: =======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Anwendungen\Avira\AntiVir Desktop\sched.exe [135336 2010-08-02] (Avira GmbH) R2 AntiVirService; C:\Anwendungen\Avira\AntiVir Desktop\avguard.exe [267944 2010-08-02] (Avira GmbH) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [81584 2010-08-02] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [116568 2010-08-02] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 18:41 - 2015-01-02 18:41 - 00000000 ____D () C:\FRST 2015-01-02 18:23 - 2015-01-02 18:41 - 00000000 ____D () C:\Users\Travel Mate\Desktop\AV 2015-01-02 11:38 - 2015-01-02 11:38 - 00131551 _____ () C:\Users\Travel Mate\Documents\Avira_AntiVir_Rescue_System_12_2014.htm 2015-01-02 11:38 - 2015-01-02 11:38 - 00000000 ____D () C:\Users\Travel Mate\Documents\Avira_AntiVir_Rescue_System_12_2014-Dateien 2015-01-02 11:37 - 2015-01-02 12:08 - 647282688 _____ () C:\Users\Travel Mate\Downloads\rescue-12system.iso 2015-01-02 11:37 - 2015-01-02 12:08 - 154051656 _____ () C:\Users\Travel Mate\Downloads\avira_free_antivirus468_de (1).exe 2015-01-02 11:35 - 2015-01-02 12:04 - 154051656 _____ () C:\Users\Travel Mate\Downloads\avira_free_antivirus468_de.exe 2015-01-02 11:34 - 2015-01-02 11:34 - 00138414 _____ () C:\Users\Travel Mate\Documents\Avira-AntiVir-Rescue-System_30971022.htm 2015-01-02 11:32 - 2015-01-02 11:34 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Travel Mate\Downloads\avira_de_av___ws.exe 2015-01-01 13:20 - 2015-01-01 13:20 - 05490752 _____ (Secunia) C:\Users\Travel Mate\Downloads\PSISetup10004.exe 2015-01-01 13:19 - 2015-01-01 13:19 - 00022106 _____ () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI_30_Build_10004.htm 2015-01-01 13:19 - 2015-01-01 13:19 - 00000000 ____D () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI_30_Build_10004-Dateien 2015-01-01 13:15 - 2015-01-01 13:15 - 00051683 _____ () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI.htm 2015-01-01 13:15 - 2015-01-01 13:15 - 00000000 ____D () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI-Dateien 2015-01-01 13:14 - 2015-01-01 13:14 - 00709564 _____ () C:\Users\Travel Mate\Downloads\delfix_10.8.exe 2015-01-01 13:13 - 2015-01-01 13:13 - 00021265 _____ () C:\Users\Travel Mate\Documents\DELFIX.HTM 2015-01-01 13:13 - 2015-01-01 13:13 - 00000000 ____D () C:\Users\Travel Mate\Documents\DELFIX-Dateien 2015-01-01 13:11 - 2015-01-01 13:12 - 04134156 _____ () C:\Users\Travel Mate\Downloads\zoek.zip 2015-01-01 13:11 - 2015-01-01 13:11 - 04134156 _____ () C:\Users\Travel Mate\Documents\zoek.zip 2015-01-01 13:11 - 2015-01-01 13:11 - 00003594 _____ () C:\Users\Travel Mate\Documents\ZOEK.HTM 2015-01-01 13:11 - 2015-01-01 13:11 - 00000000 ____D () C:\Users\Travel Mate\Documents\ZOEK-Dateien 2015-01-01 13:07 - 2015-01-01 13:08 - 05604036 _____ (Swearware) C:\Users\Travel Mate\Downloads\ComboFix.exe 2015-01-01 13:07 - 2015-01-01 13:07 - 00448512 _____ (OldTimer Tools) C:\Users\Travel Mate\Downloads\TFC.exe 2015-01-01 13:06 - 2015-01-01 13:06 - 00018203 _____ () C:\Users\Travel Mate\Documents\Temp_File_Cleaner_htm.htm 2015-01-01 13:06 - 2015-01-01 13:06 - 00000000 ____D () C:\Users\Travel Mate\Documents\Temp_File_Cleaner_htm-Dateien 2015-01-01 13:05 - 2015-01-01 13:05 - 00050343 _____ () C:\Users\Travel Mate\Documents\Anleitung_Malwarebytes_Anti-Malware.htm 2015-01-01 13:05 - 2015-01-01 13:05 - 00000000 ____D () C:\Users\Travel Mate\Documents\Anleitung_Malwarebytes_Anti-Malware-Dateien 2015-01-01 13:04 - 2015-01-01 13:05 - 01707939 _____ (Thisisu) C:\Users\Travel Mate\Downloads\JRT.exe 2015-01-01 13:03 - 2015-01-01 13:03 - 00019613 _____ () C:\Users\Travel Mate\Documents\Junkware_Removal_Tool.htm 2015-01-01 13:03 - 2015-01-01 13:03 - 00000000 ____D () C:\Users\Travel Mate\Documents\Junkware_Removal_Tool-Dateien 2015-01-01 13:02 - 2015-01-01 13:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Travel Mate\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-01 13:01 - 2015-01-01 13:01 - 00021468 _____ () C:\Users\Travel Mate\Documents\Malwarebytes_Anti-Malware.htm 2015-01-01 13:01 - 2015-01-01 13:01 - 00000000 ____D () C:\Users\Travel Mate\Documents\Malwarebytes_Anti-Malware-Dateien 2015-01-01 13:00 - 2015-01-01 13:00 - 02173952 _____ () C:\Users\Travel Mate\Downloads\AdwCleaner_4.106.exe 2015-01-01 12:59 - 2015-01-01 12:59 - 00019908 _____ () C:\Users\Travel Mate\Documents\AdwCleaner.htm 2015-01-01 12:59 - 2015-01-01 12:59 - 00000000 ____D () C:\Users\Travel Mate\Documents\AdwCleaner-Dateien 2015-01-01 12:57 - 2015-01-01 12:57 - 00017259 _____ () C:\Users\Travel Mate\Documents\GMER.HTM 2015-01-01 12:57 - 2015-01-01 12:57 - 00000000 ____D () C:\Users\Travel Mate\Documents\GMER-Dateien 2015-01-01 12:56 - 2015-01-01 12:56 - 02123264 _____ (Farbar) C:\Users\Travel Mate\Downloads\FRST64.exe 2015-01-01 12:56 - 2015-01-01 12:56 - 00380416 _____ () C:\Users\Travel Mate\Downloads\8tccbsdg.exe 2015-01-01 12:55 - 2015-01-01 12:56 - 01114624 _____ (Farbar) C:\Users\Travel Mate\Downloads\FRST.exe 2015-01-01 12:54 - 2015-01-01 12:54 - 00018850 _____ () C:\Users\Travel Mate\Documents\Farbar_Recovery_Scan_Tool_FRST.htm 2015-01-01 12:54 - 2015-01-01 12:54 - 00000000 ____D () C:\Users\Travel Mate\Documents\Farbar_Recovery_Scan_Tool_FRST-Dateien 2015-01-01 12:53 - 2015-01-01 12:53 - 00050477 _____ () C:\Users\Travel Mate\Downloads\Defogger.exe 2015-01-01 12:52 - 2015-01-01 12:52 - 00017443 _____ () C:\Users\Travel Mate\Documents\DEFOGGER.HTM 2015-01-01 12:52 - 2015-01-01 12:52 - 00000000 ____D () C:\Users\Travel Mate\Documents\DEFOGGER-Dateien 2015-01-01 12:21 - 2015-01-01 12:21 - 00045782 _____ () C:\Users\Travel Mate\Documents\Trojaner-Board_de_Logfiles_posten.htm 2015-01-01 12:21 - 2015-01-01 12:21 - 00000000 ____D () C:\Users\Travel Mate\Documents\Trojaner-Board_de_Logfiles_posten-Dateien 2015-01-01 12:06 - 2015-01-01 12:06 - 00000000 ____D () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_2-Dateien 2015-01-01 12:05 - 2015-01-01 12:06 - 00156252 _____ () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_2.htm 2015-01-01 12:05 - 2015-01-01 12:05 - 00331514 _____ () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_1.htm 2015-01-01 12:05 - 2015-01-01 12:05 - 00331322 _____ () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12.htm 2015-01-01 12:05 - 2015-01-01 12:05 - 00000000 ____D () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12-Dateien 2015-01-01 12:05 - 2015-01-01 12:05 - 00000000 ____D () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_1-Dateien 2015-01-01 12:03 - 2015-01-01 12:03 - 00058658 _____ () C:\Users\Travel Mate\Documents\Anleitung_fuer_Hilfesuchende_bei_Trojaner-_und_Virenbefall.htm 2015-01-01 12:03 - 2015-01-01 12:03 - 00000000 ____D () C:\Users\Travel Mate\Documents\Anleitung_fuer_Hilfesuchende_bei_Trojaner-_und_Virenbefall-Dateien 2015-01-01 11:33 - 2015-01-01 11:33 - 00000227 _____ () C:\Users\Travel Mate\AVIRA.TXT 2015-01-01 00:51 - 2015-01-01 00:51 - 00000000 __SHD () C:\Users\Travel Mate\AppData\Local\EmieUserList 2015-01-01 00:51 - 2015-01-01 00:51 - 00000000 __SHD () C:\Users\Travel Mate\AppData\Local\EmieSiteList 2015-01-01 00:51 - 2015-01-01 00:51 - 00000000 __SHD () C:\Users\Travel Mate\AppData\Local\EmieBrowserModeList 2015-01-01 00:46 - 2015-01-01 00:46 - 00025508 _____ () C:\Users\Travel Mate\Documents\HKCU_Ycgau.reg 2015-01-01 00:45 - 2015-01-01 00:45 - 00025500 _____ () C:\Users\Travel Mate\Documents\HKCU_Evyv.reg 2015-01-01 00:45 - 2015-01-01 00:45 - 00025322 _____ () C:\Users\Travel Mate\Documents\HKCUÖXuhek.reg 2015-01-01 00:44 - 2015-01-01 00:44 - 00025508 _____ () C:\Users\Travel Mate\Documents\HKCU_Daypo.reg 2015-01-01 00:44 - 2015-01-01 00:44 - 00025370 _____ () C:\Users\Travel Mate\Documents\HKCU_Edpo.reg 2015-01-01 00:40 - 2015-01-01 00:40 - 00000432 _____ () C:\Users\Travel Mate\Documents\HKCU_Run_141231.reg 2014-12-31 17:36 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-12-31 17:25 - 2014-12-31 17:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-31 17:25 - 2014-12-31 17:25 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-31 17:24 - 2014-12-31 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-31 17:24 - 2014-12-31 17:24 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-31 17:24 - 2014-12-31 17:24 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-31 17:24 - 2014-12-31 17:24 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-12-31 17:24 - 2014-12-31 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-12-31 17:24 - 2014-12-31 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-31 17:24 - 2014-12-31 17:24 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-31 17:24 - 2014-12-31 17:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-12-31 17:24 - 2014-12-31 17:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-12-31 17:24 - 2014-12-31 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-12-31 17:24 - 2014-12-31 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-12-31 17:24 - 2014-12-31 17:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-12-31 17:14 - 2014-12-31 17:14 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-12-31 17:14 - 2014-12-31 17:14 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-12-31 17:14 - 2014-12-31 17:14 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-12-31 17:14 - 2014-12-31 17:14 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-12-31 17:14 - 2014-12-31 17:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-12-31 17:14 - 2014-12-31 17:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-12-31 17:14 - 2014-12-31 17:14 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-12-31 17:14 - 2014-12-31 17:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-12-31 17:14 - 2014-12-31 17:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-12-31 17:14 - 2014-12-31 17:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-12-31 17:14 - 2014-12-31 17:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-12-31 17:14 - 2014-12-31 17:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-12-31 17:13 - 2014-12-31 17:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe 2014-12-31 17:12 - 2014-12-31 17:12 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-12-31 17:12 - 2014-12-31 17:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-12-31 17:10 - 2014-12-31 17:10 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2014-12-31 17:10 - 2014-12-31 17:10 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2014-12-29 15:28 - 2014-12-29 15:28 - 00082397 _____ () C:\Users\Travel Mate\Documents\Gericom_Phantom_16680_121519813587_30_50_Euro.htm 2014-12-29 15:28 - 2014-12-29 15:28 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Phantom_16680_121519813587_30_50_Euro-Dateien 2014-12-29 10:28 - 2014-12-29 10:28 - 00000436 _____ () C:\Users\Travel Mate\Documents\HKCU_Run_141229.reg 2014-12-25 20:28 - 2014-12-25 20:28 - 00203951 _____ () C:\Users\Travel Mate\Documents\tuerkis.htm 2014-12-25 20:28 - 2014-12-25 20:28 - 00000000 ____D () C:\Users\Travel Mate\Documents\tuerkis-Dateien 2014-12-25 13:39 - 2014-12-25 13:39 - 00000432 _____ () C:\Users\Travel Mate\Documents\runagain.reg 2014-12-25 11:51 - 2014-12-25 11:51 - 00000432 _____ () C:\Users\Travel Mate\Documents\HKCU_Run_141225.reg 2014-12-24 08:29 - 2014-12-24 08:29 - 00056272 _____ () C:\Users\Travel Mate\Documents\art2725,983587.htm 2014-12-24 08:27 - 2014-12-24 08:27 - 00023541 _____ () C:\Users\Travel Mate\Documents\_ Schwarzwaldradio _.htm 2014-12-24 08:27 - 2014-12-24 08:27 - 00000000 ____D () C:\Users\Travel Mate\Documents\_ Schwarzwaldradio _-Dateien 2014-12-24 08:00 - 2014-12-24 08:00 - 00000000 ____D () C:\Users\Travel Mate\Documents\Creative_Labs_neue_Zen_Style_Modelle-Dateien 2014-12-24 07:59 - 2014-12-24 08:00 - 00021099 _____ () C:\Users\Travel Mate\Documents\Creative_Labs_neue_Zen_Style_Modelle.htm 2014-12-24 07:56 - 2014-12-24 07:56 - 00061777 _____ () C:\Users\Travel Mate\Documents\Creative_Labs_Zen_Style_100_Videos_umwandeln.htm 2014-12-24 07:56 - 2014-12-24 07:56 - 00000000 ____D () C:\Users\Travel Mate\Documents\Creative_Labs_Zen_Style_100_Videos_umwandeln-Dateien 2014-12-22 22:57 - 2014-12-22 22:57 - 00001159 _____ () C:\Users\Travel Mate\Desktop\AppData - Verknüpfung.lnk 2014-12-22 22:37 - 2014-12-22 22:37 - 00000434 _____ () C:\Users\Travel Mate\Documents\Roaming.reg 2014-12-21 22:51 - 2014-12-21 22:51 - 00073985 _____ () C:\Users\Travel Mate\Documents\Gericom_Hummer_2430e_XL_331400144916.htm 2014-12-21 22:51 - 2014-12-21 22:51 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Hummer_2430e_XL_331400144916-Dateien 2014-12-21 22:19 - 2014-12-21 22:19 - 00092531 _____ () C:\Users\Travel Mate\Documents\Gericom_Blockbuster_Excellent_7000_1780_259IA2_331395379352.htm 2014-12-21 21:47 - 2014-12-21 21:47 - 00096734 _____ () C:\Users\Travel Mate\Documents\Gericom_Blockbuster_Radeon_MSW_NB251S5_151501184773.htm 2014-12-21 21:11 - 2014-12-21 21:11 - 00100095 _____ () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1330e_G557_321607047670.htm 2014-12-21 21:11 - 2014-12-21 21:11 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1330e_G557_321607047670-Dateien 2014-12-21 20:58 - 2014-12-21 20:58 - 00094714 _____ () C:\Users\Travel Mate\Documents\Gericom_Webgine_XL_Per4mance_S_2030_N356S1_141500030300.htm 2014-12-21 20:32 - 2014-12-21 20:32 - 00096743 _____ () C:\Users\Travel Mate\Documents\HP_Pavilion_ZV_5000_181599928144.htm 2014-12-21 20:32 - 2014-12-21 20:32 - 00000000 ____D () C:\Users\Travel Mate\Documents\HP_Pavilion_ZV_5000_181599928144-Dateien 2014-12-21 20:06 - 2014-12-21 20:07 - 00093252 _____ () C:\Users\Travel Mate\Documents\3_Stueck_Dell_Latitude_D620-D630_defekt_291325840383_114_Euro.htm 2014-12-21 20:06 - 2014-12-21 20:06 - 01699012 _____ () C:\Users\Travel Mate\Documents\XXXX 3_Stück_Dell_Latitude_D620-D630_defekt_291325840383_114_Euro.htm 2014-12-21 20:04 - 2014-12-21 20:04 - 00092498 _____ () C:\Users\Travel Mate\Documents\Medion_MD97400_231405188709.htm 2014-12-21 20:04 - 2014-12-21 20:04 - 00000000 ____D () C:\Users\Travel Mate\Documents\Medion_MD97400_231405188709-Dateien 2014-12-21 19:43 - 2014-12-21 19:43 - 00098434 _____ () C:\Users\Travel Mate\Documents\Samsung_SyncMaster_T200_161502083770.htm 2014-12-21 19:43 - 2014-12-21 19:43 - 00000000 ____D () C:\Users\Travel Mate\Documents\Samsung_SyncMaster_T200_161502083770-Dateien 2014-12-21 19:25 - 2014-12-21 19:25 - 00088275 _____ () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1730e_181600258752.htm 2014-12-21 19:25 - 2014-12-21 19:25 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1730e_181600258752-Dateien 2014-12-21 18:54 - 2014-12-21 18:54 - 00097706 _____ () C:\Users\Travel Mate\Documents\3_Speicherriegel_DIMM_2x512MB_1x1GB_161489607538.htm 2014-12-21 18:46 - 2014-12-21 18:46 - 00153316 _____ () C:\Users\Travel Mate\Documents\Hitachi_Ultrastar_HUA722050CLA330_500GB_291167355468.htm 2014-12-21 18:46 - 2014-12-21 18:46 - 00153316 _____ () C:\Users\Travel Mate\Documents\Hitachi_Deskstar_HUA722050CLA330_500GB_291167355468.htm 2014-12-21 17:34 - 2014-12-21 17:34 - 00000890 _____ () C:\Users\Travel Mate\Desktop\Downloads - Verknüpfung.lnk 2014-12-21 17:33 - 2014-12-21 17:33 - 00007667 _____ () C:\Users\Travel Mate\Desktop\141003 - Verknüpfung.lnk 2014-12-20 13:19 - 2014-12-20 13:20 - 00087604 _____ () C:\Users\Travel Mate\Documents\Dell Latitude D630_201241823587_147.htm 2014-12-20 10:26 - 2014-12-20 10:26 - 00000786 _____ () C:\Windows\KB2936068.log 2014-12-20 07:36 - 2014-12-20 07:37 - 00005314 _____ () C:\Windows\IE10_main.log 2014-12-20 07:30 - 2014-12-31 17:36 - 00024988 _____ () C:\Windows\IE11_main.log 2014-12-20 07:30 - 2014-12-20 07:37 - 00000134 _____ () C:\Users\Travel Mate\Desktop\Internet Explorer-Problembehebung.url 2014-12-15 22:26 - 2014-12-15 22:26 - 00099288 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_261700909380_30_50.htm 2014-12-15 21:33 - 2014-12-15 21:33 - 00105122 _____ () C:\Users\Travel Mate\Desktop\Gericom_Bellagio_1720e_IPC_7521P_MIM2210_121498523874.htm 2014-12-15 20:02 - 2014-12-15 20:02 - 00096860 _____ () C:\Users\Travel Mate\Documents\Acer_Aspire_5315_ICL50_171557016246.htm 2014-12-15 19:39 - 2014-12-15 19:39 - 00102933 _____ () C:\Users\Travel Mate\Documents\Hitachi_Deskstar_HDS725050KLA360_500GB_221614269222.htm 2014-12-15 19:07 - 2014-12-15 19:07 - 00097716 _____ () C:\Users\Travel Mate\Desktop\Colorful_Nvidia_GeForce_9400_GT_512MB_4719331346072.html 2014-12-15 18:48 - 2015-01-01 00:48 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} 2014-12-15 15:51 - 2014-12-15 16:04 - 92789928 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Travel Mate\Downloads\ashampoo_burning_studio_2014_12.0.5_15376.exe 2014-12-15 15:50 - 2014-12-15 15:50 - 00142275 _____ () C:\Users\Travel Mate\Downloads\Ashampoo_Burning_Studio_2014.htm 2014-12-15 15:50 - 2014-12-15 15:50 - 00000000 ____D () C:\Users\Travel Mate\Downloads\Ashampoo_Burning_Studio_2014-Dateien 2014-12-15 12:42 - 2014-12-15 12:42 - 00035393 _____ () C:\Users\Travel Mate\Downloads\Ausserplanmaessiges_Sicherheitsupdate_MS14-021_fuer_den_Internet_Explorer_6_7_8_9_10_und_11_ist_online.htm 2014-12-15 12:20 - 2014-12-15 12:21 - 11054840 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\WindowsServer2003.WindowsXP-KB2936068-x64-DEU.exe 2014-12-15 12:19 - 2014-12-15 12:20 - 09661680 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE8-WindowsXP-KB2936068-x86-ENU.exe 2014-12-15 12:18 - 2014-12-15 12:20 - 20434168 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE7-WindowsServer2003.WindowsXP-KB2936068-x64-ENU.exe 2014-12-15 12:15 - 2014-12-15 12:15 - 08673520 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE7-WindowsXP-KB2936068-x86-ENU.exe 2014-12-15 12:14 - 2014-12-15 12:15 - 22947064 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE8-WindowsServer2003.WindowsXP-KB2936068-x64-ENU.exe 2014-12-15 12:11 - 2014-12-15 12:12 - 09669360 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE8-WindowsXP-KB2936068-x86-DEU.exe 2014-12-15 12:06 - 2014-12-15 12:06 - 00057152 _____ () C:\Users\Travel Mate\Downloads\Lutz_Donnerhacke_de_comp_security_firewall_FAQ.htm 2014-12-15 12:03 - 2014-12-15 12:03 - 00195967 _____ () C:\Users\Travel Mate\Downloads\Microsoft_Security_Bulletin_MS14-018_Kritisch.htm 2014-12-15 11:45 - 2014-12-15 11:45 - 00083482 _____ () C:\Users\Travel Mate\Documents\Gericom_Hummer_Advance_2560_XL_201206591377_29_25.htm 2014-12-15 11:42 - 2014-12-15 11:42 - 00111868 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_181575633384_33_53.htm 2014-12-15 11:40 - 2014-12-15 11:40 - 00097254 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_Series_321570817498_32_50.htm 2014-12-15 11:09 - 2014-12-15 11:09 - 00109452 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_171520444830_25_50.htm 2014-12-15 11:06 - 2014-12-15 11:06 - 00098058 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_281484637517_16.htm 2014-12-15 10:50 - 2014-12-15 10:50 - 00114772 _____ () C:\Users\Travel Mate\Documents\Gericom_Hummer_26640_XL_161467504073_30_60.htm 2014-12-15 10:39 - 2014-12-15 10:39 - 00109479 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_161469685234_40_50.htm 2014-12-06 20:24 - 2014-12-06 20:24 - 00030035 _____ () C:\Users\Travel Mate\Downloads\mkbt20.zip 2014-12-06 20:23 - 2014-12-06 20:24 - 00045817 _____ () C:\Users\Travel Mate\Downloads\MKBT20.HTM 2014-12-06 20:23 - 2014-12-06 20:24 - 00000000 ____D () C:\Users\Travel Mate\Downloads\MKBT20-Dateien 2014-12-06 20:18 - 2014-12-06 20:18 - 00000000 ____D () C:\Users\Travel Mate\Downloads\How_to_use_ISO_Recorder-Dateien 2014-12-06 20:17 - 2014-12-06 20:18 - 00003576 _____ () C:\Users\Travel Mate\Downloads\How_to_use_ISO_Recorder.htm 2014-12-06 18:31 - 2014-12-06 18:31 - 00086920 _____ () C:\Users\Travel Mate\Downloads\Easy2Boot_list_of_tested_payload_files.htm 2014-12-06 18:31 - 2014-12-06 18:31 - 00073116 _____ () C:\Users\Travel Mate\Downloads\Live-Systeme_als_ISOs_vom_Stick_booten.htm 2014-12-06 18:31 - 2014-12-06 18:31 - 00000000 ____D () C:\Users\Travel Mate\Downloads\Live-Systeme_als_ISOs_vom_Stick_booten-Dateien 2014-12-06 18:31 - 2014-12-06 18:31 - 00000000 ____D () C:\Users\Travel Mate\Downloads\Easy2Boot_list_of_tested_payload_files-Dateien 2014-12-06 18:30 - 2014-12-06 18:30 - 07015164 _____ () C:\Users\Travel Mate\Downloads\MPI_Tool_Pack_Plus_CloverLite_040.zip 2014-12-06 15:40 - 2014-12-06 15:40 - 00008930 _____ () C:\Users\Travel Mate\Downloads\smime.p7s

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 17:45 - 2013-10-03 17:24 - 00000000 ____D () C:\Users\Travel Mate\AppData\Local\FreePDF_XP 2015-01-02 17:42 - 2012-04-26 11:44 - 00945369 _____ () C:\Windows\WindowsUpdate.log 2015-01-02 15:55 - 2012-04-26 21:32 - 00643866 _____ () C:\Windows\system32\perfh007.dat 2015-01-02 15:55 - 2012-04-26 21:32 - 00126394 _____ () C:\Windows\system32\perfc007.dat 2015-01-02 15:55 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-02 12:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-01-01 11:33 - 2012-12-12 11:36 - 00000000 ____D () C:\Users\Travel Mate 2015-01-01 00:55 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-01 00:55 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-01 00:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-01 00:48 - 2009-07-14 05:51 - 00053425 _____ () C:\Windows\setupact.log 2014-12-31 17:42 - 2012-12-12 11:39 - 00001417 _____ () C:\Users\Travel Mate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-31 17:40 - 2009-07-14 05:45 - 00318296 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-31 17:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-12-25 11:12 - 2013-02-07 17:15 - 00001210 _____ () C:\Users\Travel Mate\Desktop\Multidecoder.lnk 2014-12-22 22:36 - 2013-08-26 09:31 - 00000000 ____D () C:\CARS 2014-12-21 23:11 - 2013-05-12 17:32 - 00000000 ____D () C:\Users\Travel Mate\AppData\Local\Deployment 2014-12-15 19:59 - 2014-11-23 17:04 - 00010760 _____ () C:\Users\Travel Mate\diverses.txt 2014-12-09 08:28 - 2013-02-12 04:50 - 00000000 ____D () C:\Users\Travel Mate\AppData\Roaming\vlc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 12:16

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014 Ran by Travel Mate at 2015-01-02 18:43:10 Running from C:\Users\Travel Mate\Desktop\AV Boot Mode: Normal ==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Enabled - Out of date) {090F9C29-64CE-6C6F-379C-5901B49A85B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AntiVir Desktop (Enabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3505 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated) Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated) AFPL Ghostscript 8.54 (HKLM-x32\...\AFPL Ghostscript 8.54) (Version: - ) AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version: - ) Albelli Fotobücher (HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli) Avira AntiVir Personal - Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 10.0.0.592 - Avira GmbH) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Black Mirror 2 (HKLM-x32\...\Black Mirror 2_is1) (Version: - dtp) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.899 - Corel Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Gray Matter (HKLM-x32\...\Gray Matter_is1) (Version: - dtp) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 6.0.5 - Acer Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 -Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 -Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 -Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 -Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox (3.6.8) (HKLM-x32\...\Mozilla Firefox (3.6.8)) (Version: 3.6.8 (de) - Mozilla) newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated) The First Templar 1.00 (HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\The First Templar) (Version: 1.00 - Kalypso Media) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3505 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ﺪﻳﺮﺑ Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 ضﺮﻌﻣ Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 رﻮﺻ



==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3003312382-2928224955-3310159703-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\neth.dll (Microsoft Corporation)

==================== Restore Points =========================

20-12-2014 08:13:58 Geplanter Prüfpunkt 20-12-2014 10:38:40 Windows Update 27-12-2014 20:09:49 Geplanter Prüfpunkt 31-12-2014 17:09:40 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {B2B8CE61-33B7-4088-B713-B1909635A6AB} - System32\Tasks\{40B30B6F-BD59-4066-990B-67A303EF1655} => pcalua.exe -a D:\SETUP.EXE -d D:\

==================== Loaded Modules (whitelisted) =============

2013-09-20 15:48 - 2010-06-17 19:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2012-01-10 12:42 - 2011-06-10 03:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-12-20 18:40 - 2010-06-17 15:27 - 00355688 _____ () C:\Anwendungen\Avira\AntiVir Desktop\sqlite3.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3003312382-2928224955-3310159703-500 - Administrator - Disabled) Gast (S-1-5-21-3003312382-2928224955-3310159703-501 - Limited - Disabled) Travel Mate (S-1-5-21-3003312382-2928224955-3310159703-1000 - Administrator - Enabled) => C:\Users\Travel Mate

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors: ================== Error: (01/02/2015 11:48:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396, Zeitstempel: 0x4cc5e97b Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009b60 ID des fehlerhaften Prozesses: 0x810 Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0 Pfad der fehlerhaften Anwendung: AcroRd32.exe1 Pfad des fehlerhaften Moduls: AcroRd32.exe2 Berichtskennung: AcroRd32.exe3

Error: (01/02/2015 11:47:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396, Zeitstempel: 0x4cc5e97b Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009b60 ID des fehlerhaften Prozesses: 0x14bc Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0 Pfad der fehlerhaften Anwendung: AcroRd32.exe1 Pfad des fehlerhaften Moduls: AcroRd32.exe2 Berichtskennung: AcroRd32.exe3

Error: (01/01/2015 00:22:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396, Zeitstempel: 0x4cc5e97b Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009b60 ID des fehlerhaften Prozesses: 0x14c0 Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0 Pfad der fehlerhaften Anwendung: AcroRd32.exe1 Pfad des fehlerhaften Moduls: AcroRd32.exe2 Berichtskennung: AcroRd32.exe3

Error: (01/01/2015 00:48:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:43:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:38:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 05:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 09:13:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16545 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 578

Startzeit: 01d022d89ec891d1

Endzeit: 13

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (12/27/2014 08:41:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16545 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15c8

Startzeit: 01d0220abdfc73c9

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

System errors: ============= Error: (01/02/2015 05:58:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 05:58:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 05:58:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 03:46:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 03:46:15 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 03:46:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:44:52 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:43:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:43:07 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:42:57 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Microsoft Office Sessions: ========================= Error: (01/02/2015 11:48:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: AcroRd32.exe10.0.0.3964cc5e97bmsvcrt.dll7.0.7600.163854a5bda6fc000000500009b6081001d026799b350d7fC:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Windows\syswow64\msvcrt.dlle1b29c62-926c-11e4-9fc5-e840f2d02631

Error: (01/02/2015 11:47:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: AcroRd32.exe10.0.0.3964cc5e97bmsvcrt.dll7.0.7600.163854a5bda6fc000000500009b6014bc01d026797a351da3C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Windows\syswow64\msvcrt.dllcb8e0cbd-926c-11e4-9fc5-e840f2d02631

Error: (01/01/2015 00:22:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AcroRd32.exe10.0.0.3964cc5e97bmsvcrt.dll7.0.7600.163854a5bda6fc000000500009b6014c001d025b52bf7e88dC:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Windows\syswow64\msvcrt.dll75784992-91a8-11e4-9fc5-e840f2d02631

Error: (01/01/2015 00:48:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:43:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:38:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 05:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 09:13:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.1654557801d022d89ec891d113C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (12/27/2014 08:41:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.1654515c801d0220abdfc73c916C:\Program Files (x86)\Internet Explorer\iexplore.exe

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz Percentage of memory in use: 49% Total physical RAM: 3764.36 MB Available physical RAM: 1907.18 MB Total Pagefile: 7526.9 MB Available Pagefile: 5016.28 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:62.68 GB) NTFS Drive d: (IE11) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS Drive e: () (Removable) (Total:59.55 GB) (Free:38.4 GB) FAT32 Drive f: (MICROSD) (Removable) (Total:14.87 GB) (Free:6.26 GB) NTFS

==================== MBR & Partition Table ==================

======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F1C971A0) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00F54379) Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)

======================================================== Disk: 2 (Size: 59.6 GB) (Disk ID: E1CC9ECD) Partition 1: (Not Active) - (Size=59.6 GB) - (Type=0B)

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014 Ran by Travel Mate at 2015-01-02 18:43:10 Running from C:\Users\Travel Mate\Desktop\AV Boot Mode: Normal ==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Enabled - Out of date) {090F9C29-64CE-6C6F-379C-5901B49A85B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AntiVir Desktop (Enabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3505 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated) Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated) AFPL Ghostscript 8.54 (HKLM-x32\...\AFPL Ghostscript 8.54) (Version: - ) AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version: - ) Albelli Fotobücher (HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli) Avira AntiVir Personal - Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 10.0.0.592 - Avira GmbH) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Black Mirror 2 (HKLM-x32\...\Black Mirror 2_is1) (Version: - dtp) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.899 - Corel Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Gray Matter (HKLM-x32\...\Gray Matter_is1) (Version: - dtp) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 6.0.5 - Acer Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 -Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 -Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 -Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 -Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox (3.6.8) (HKLM-x32\...\Mozilla Firefox (3.6.8)) (Version: 3.6.8 (de) - Mozilla) newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated) The First Templar 1.00 (HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\The First Templar) (Version: 1.00 - Kalypso Media) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3505 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ﺪﻳﺮﺑ Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 ضﺮﻌﻣ Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 رﻮﺻ



==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3003312382-2928224955-3310159703-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\neth.dll (Microsoft Corporation)

==================== Restore Points =========================

20-12-2014 08:13:58 Geplanter Prüfpunkt 20-12-2014 10:38:40 Windows Update 27-12-2014 20:09:49 Geplanter Prüfpunkt 31-12-2014 17:09:40 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {B2B8CE61-33B7-4088-B713-B1909635A6AB} - System32\Tasks\{40B30B6F-BD59-4066-990B-67A303EF1655} => pcalua.exe -a D:\SETUP.EXE -d D:\

==================== Loaded Modules (whitelisted) =============

2013-09-20 15:48 - 2010-06-17 19:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2012-01-10 12:42 - 2011-06-10 03:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-12-20 18:40 - 2010-06-17 15:27 - 00355688 _____ () C:\Anwendungen\Avira\AntiVir Desktop\sqlite3.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3003312382-2928224955-3310159703-500 - Administrator - Disabled) Gast (S-1-5-21-3003312382-2928224955-3310159703-501 - Limited - Disabled) Travel Mate (S-1-5-21-3003312382-2928224955-3310159703-1000 - Administrator - Enabled) => C:\Users\Travel Mate

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors: ================== Error: (01/02/2015 11:48:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396, Zeitstempel: 0x4cc5e97b Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009b60 ID des fehlerhaften Prozesses: 0x810 Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0 Pfad der fehlerhaften Anwendung: AcroRd32.exe1 Pfad des fehlerhaften Moduls: AcroRd32.exe2 Berichtskennung: AcroRd32.exe3

Error: (01/02/2015 11:47:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396, Zeitstempel: 0x4cc5e97b Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009b60 ID des fehlerhaften Prozesses: 0x14bc Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0 Pfad der fehlerhaften Anwendung: AcroRd32.exe1 Pfad des fehlerhaften Moduls: AcroRd32.exe2 Berichtskennung: AcroRd32.exe3

Error: (01/01/2015 00:22:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396, Zeitstempel: 0x4cc5e97b Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009b60 ID des fehlerhaften Prozesses: 0x14c0 Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0 Pfad der fehlerhaften Anwendung: AcroRd32.exe1 Pfad des fehlerhaften Moduls: AcroRd32.exe2 Berichtskennung: AcroRd32.exe3

Error: (01/01/2015 00:48:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:43:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:38:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 05:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 09:13:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16545 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 578

Startzeit: 01d022d89ec891d1

Endzeit: 13

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (12/27/2014 08:41:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16545 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15c8

Startzeit: 01d0220abdfc73c9

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

System errors: ============= Error: (01/02/2015 05:58:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 05:58:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 05:58:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 03:46:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 03:46:15 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 03:46:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:44:52 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:43:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:43:07 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:42:57 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Microsoft Office Sessions: ========================= Error: (01/02/2015 11:48:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: AcroRd32.exe10.0.0.3964cc5e97bmsvcrt.dll7.0.7600.163854a5bda6fc000000500009b6081001d026799b350d7fC:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Windows\syswow64\msvcrt.dlle1b29c62-926c-11e4-9fc5-e840f2d02631

Error: (01/02/2015 11:47:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: AcroRd32.exe10.0.0.3964cc5e97bmsvcrt.dll7.0.7600.163854a5bda6fc000000500009b6014bc01d026797a351da3C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Windows\syswow64\msvcrt.dllcb8e0cbd-926c-11e4-9fc5-e840f2d02631

Error: (01/01/2015 00:22:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AcroRd32.exe10.0.0.3964cc5e97bmsvcrt.dll7.0.7600.163854a5bda6fc000000500009b6014c001d025b52bf7e88dC:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Windows\syswow64\msvcrt.dll75784992-91a8-11e4-9fc5-e840f2d02631

Error: (01/01/2015 00:48:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:43:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:38:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 05:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 09:13:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.1654557801d022d89ec891d113C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (12/27/2014 08:41:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.1654515c801d0220abdfc73c916C:\Program Files (x86)\Internet Explorer\iexplore.exe

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz Percentage of memory in use: 49% Total physical RAM: 3764.36 MB Available physical RAM: 1907.18 MB Total Pagefile: 7526.9 MB Available Pagefile: 5016.28 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:62.68 GB) NTFS Drive d: (IE11) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS Drive e: () (Removable) (Total:59.55 GB) (Free:38.4 GB) FAT32 Drive f: (MICROSD) (Removable) (Total:14.87 GB) (Free:6.26 GB) NTFS

==================== MBR & Partition Table ==================

======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F1C971A0) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00F54379) Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)

======================================================== Disk: 2 (Size: 59.6 GB) (Disk ID: E1CC9ECD) Partition 1: (Not Active) - (Size=59.6 GB) - (Type=0B)

==================== End Of Log ============================
         
__________________

Alt 03.01.2015, 12:20   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 träge und ständig neue Maleware - Standard

Windows 7 träge und ständig neue Maleware



Bitte mal WOrdWrap in deinem Editor abschalten, dann die Logs nochmal öffnen und posten, das kann ja kein Mensch entziffern.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.01.2015, 12:22   #5
Espelkamper
 
Windows 7 träge und ständig neue Maleware - Standard

Scan-Ergebnis-20141231-2045.html



Ergebnis des letzten Durchlaufs mit Desinfec't vom 31.12.2014

Code:
ATTFilter
Virenfunde

Avira Bitdefender Aktion /media/Acer/Users/Travel Mate/Downloads/190713/Notebook-BatteryInfo-Setup.exe Adware/Winload.D VirusTotal Dateimanager umbenennen /media/MICROSD/AVI/Hexyul/ahylu.exe TR/Crypt.Xpack.123986 Trojan.GenericKD.2057002 VirusTotal Dateimanager umbenennen /media/MICROSD/AVI/Neqez/yhyb.exe Gen:Variant.Graftor.169635 VirusTotal Dateimanager umbenennen /media/Acer/Users/Travel Mate/Documents/TOOLS/Setup.exe ADWARE/Adware.Gen7 VirusTotal Dateimanager umbenennen /media/MICROSD/AVI/UiyiYapl/LayyeWubfu.auo TR/Vawtrak.A.771 Gen:Variant.Kazy.517991 VirusTotal Dateimanager umbenennen /media/MICROSD/AVI/Siyww/reopa.exe TR/Crypt.ZPACK.115911 Gen:Variant.Zusy.120815 VirusTotal Dateimanager umbenennen /media/MICROSD/AVI/Windows Genuine Advantage/{275A5439-6EA4-4329-BD7A-DCC070FFC294}/api-ms-win-system-d3d10core-l1-1-0.dll TR/Crypt.ZPACK.114056 Trojan.GenericKD.2030121 VirusTotal Dateimanager umbenennen

Alle gefundenen Dateien mit der Endung .VIRUS versehen
         
So, ich hoffe, es reicht fürs Erste.
Die beiden Adwares liegen friedlich im Download-Ordner und sind nicht installiert.
Einige Schadprogramme sind nicht mehr auf der Festplatte, sondern auf einem externen Speicher.
Zuvor wurden sie wohl schon beim Hochfahren gestartet (HKLM...Run).
Mit den Standardeinstellungen findet Desinfec't offenbar keine weiteren Schadprogramme auf der Festplatte C: .
Und trotzdem tauchen im Ordner Roaming weiterhin neue, merkwürdige Ordner und Dateien auf, die nach Analyse von Avira Malware sind.
Danke und Gruß,
Espelkamper


Geändert von Espelkamper (03.01.2015 um 12:33 Uhr) Grund: Ergänzt

Alt 03.01.2015, 13:40   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 träge und ständig neue Maleware - Standard

Windows 7 träge und ständig neue Maleware



Könntest Du die FRST Logs bite wie oben beschrieben nochmal posten? Sonst kann ich nicht helfen.
__________________
--> Windows 7 träge und ständig neue Maleware

Alt 03.01.2015, 14:20   #7
Espelkamper
 
Windows 7 träge und ständig neue Maleware - Standard

Windows 7 träge und ständig neue Malware



Mahlzeit,
bitte, meine vorherigen Versuche mit dem Android-Tablet zu entschuldigen, es war wohl doch keine so gute Idee.
Nun habe ich das Acer-Notebook nochmal gestartet, in Notepad den Haken bei Zeilenumbruch entfernt und probiere es wieder mit den Log-Dateien.

defogger_disable.log
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:18 on 02/01/2015 (Travel Mate)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
--- --- ---


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Travel Mate (administrator) on ACERTM on 02-01-2015 18:41:38
Running from C:\Users\Travel Mate\Desktop\AV
Loaded Profile: Travel Mate (Available profiles: Travel Mate)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1097808 2011-04-19] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Anwendungen\Avira\AntiVir Desktop\avgnt.exe [281768 2010-08-02] (Avira GmbH)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe [417480 2012-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\Policies\Explorer: [NoDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Anwendungen\VLC\npvlc.dll (VideoLAN)
FF StartMenuInternet: FIREFOX.EXE - C:\Anwendungen\Firefox\firefox.exe

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Anwendungen\Avira\AntiVir Desktop\sched.exe [135336 2010-08-02] (Avira GmbH)
R2 AntiVirService; C:\Anwendungen\Avira\AntiVir Desktop\avguard.exe [267944 2010-08-02] (Avira GmbH)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [81584 2010-08-02] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [116568 2010-08-02] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 18:41 - 2015-01-02 18:41 - 00000000 ____D () C:\FRST
2015-01-02 18:23 - 2015-01-02 18:41 - 00000000 ____D () C:\Users\Travel Mate\Desktop\AV
2015-01-02 11:38 - 2015-01-02 11:38 - 00131551 _____ () C:\Users\Travel Mate\Documents\Avira_AntiVir_Rescue_System_12_2014.htm
2015-01-02 11:38 - 2015-01-02 11:38 - 00000000 ____D () C:\Users\Travel Mate\Documents\Avira_AntiVir_Rescue_System_12_2014-Dateien
2015-01-02 11:37 - 2015-01-02 12:08 - 647282688 _____ () C:\Users\Travel Mate\Downloads\rescue-12system.iso
2015-01-02 11:37 - 2015-01-02 12:08 - 154051656 _____ () C:\Users\Travel Mate\Downloads\avira_free_antivirus468_de (1).exe
2015-01-02 11:35 - 2015-01-02 12:04 - 154051656 _____ () C:\Users\Travel Mate\Downloads\avira_free_antivirus468_de.exe
2015-01-02 11:34 - 2015-01-02 11:34 - 00138414 _____ () C:\Users\Travel Mate\Documents\Avira-AntiVir-Rescue-System_30971022.htm
2015-01-02 11:32 - 2015-01-02 11:34 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Travel Mate\Downloads\avira_de_av___ws.exe
2015-01-01 13:20 - 2015-01-01 13:20 - 05490752 _____ (Secunia) C:\Users\Travel Mate\Downloads\PSISetup10004.exe
2015-01-01 13:19 - 2015-01-01 13:19 - 00022106 _____ () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI_30_Build_10004.htm
2015-01-01 13:19 - 2015-01-01 13:19 - 00000000 ____D () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI_30_Build_10004-Dateien
2015-01-01 13:15 - 2015-01-01 13:15 - 00051683 _____ () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI.htm
2015-01-01 13:15 - 2015-01-01 13:15 - 00000000 ____D () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI-Dateien
2015-01-01 13:14 - 2015-01-01 13:14 - 00709564 _____ () C:\Users\Travel Mate\Downloads\delfix_10.8.exe
2015-01-01 13:13 - 2015-01-01 13:13 - 00021265 _____ () C:\Users\Travel Mate\Documents\DELFIX.HTM
2015-01-01 13:13 - 2015-01-01 13:13 - 00000000 ____D () C:\Users\Travel Mate\Documents\DELFIX-Dateien
2015-01-01 13:11 - 2015-01-01 13:12 - 04134156 _____ () C:\Users\Travel Mate\Downloads\zoek.zip
2015-01-01 13:11 - 2015-01-01 13:11 - 04134156 _____ () C:\Users\Travel Mate\Documents\zoek.zip
2015-01-01 13:11 - 2015-01-01 13:11 - 00003594 _____ () C:\Users\Travel Mate\Documents\ZOEK.HTM
2015-01-01 13:11 - 2015-01-01 13:11 - 00000000 ____D () C:\Users\Travel Mate\Documents\ZOEK-Dateien
2015-01-01 13:07 - 2015-01-01 13:08 - 05604036 _____ (Swearware) C:\Users\Travel Mate\Downloads\ComboFix.exe
2015-01-01 13:07 - 2015-01-01 13:07 - 00448512 _____ (OldTimer Tools) C:\Users\Travel Mate\Downloads\TFC.exe
2015-01-01 13:06 - 2015-01-01 13:06 - 00018203 _____ () C:\Users\Travel Mate\Documents\Temp_File_Cleaner_htm.htm
2015-01-01 13:06 - 2015-01-01 13:06 - 00000000 ____D () C:\Users\Travel Mate\Documents\Temp_File_Cleaner_htm-Dateien
2015-01-01 13:05 - 2015-01-01 13:05 - 00050343 _____ () C:\Users\Travel Mate\Documents\Anleitung_Malwarebytes_Anti-Malware.htm
2015-01-01 13:05 - 2015-01-01 13:05 - 00000000 ____D () C:\Users\Travel Mate\Documents\Anleitung_Malwarebytes_Anti-Malware-Dateien
2015-01-01 13:04 - 2015-01-01 13:05 - 01707939 _____ (Thisisu) C:\Users\Travel Mate\Downloads\JRT.exe
2015-01-01 13:03 - 2015-01-01 13:03 - 00019613 _____ () C:\Users\Travel Mate\Documents\Junkware_Removal_Tool.htm
2015-01-01 13:03 - 2015-01-01 13:03 - 00000000 ____D () C:\Users\Travel Mate\Documents\Junkware_Removal_Tool-Dateien
2015-01-01 13:02 - 2015-01-01 13:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Travel Mate\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-01 13:01 - 2015-01-01 13:01 - 00021468 _____ () C:\Users\Travel Mate\Documents\Malwarebytes_Anti-Malware.htm
2015-01-01 13:01 - 2015-01-01 13:01 - 00000000 ____D () C:\Users\Travel Mate\Documents\Malwarebytes_Anti-Malware-Dateien
2015-01-01 13:00 - 2015-01-01 13:00 - 02173952 _____ () C:\Users\Travel Mate\Downloads\AdwCleaner_4.106.exe
2015-01-01 12:59 - 2015-01-01 12:59 - 00019908 _____ () C:\Users\Travel Mate\Documents\AdwCleaner.htm
2015-01-01 12:59 - 2015-01-01 12:59 - 00000000 ____D () C:\Users\Travel Mate\Documents\AdwCleaner-Dateien
2015-01-01 12:57 - 2015-01-01 12:57 - 00017259 _____ () C:\Users\Travel Mate\Documents\GMER.HTM
2015-01-01 12:57 - 2015-01-01 12:57 - 00000000 ____D () C:\Users\Travel Mate\Documents\GMER-Dateien
2015-01-01 12:56 - 2015-01-01 12:56 - 02123264 _____ (Farbar) C:\Users\Travel Mate\Downloads\FRST64.exe
2015-01-01 12:56 - 2015-01-01 12:56 - 00380416 _____ () C:\Users\Travel Mate\Downloads\8tccbsdg.exe
2015-01-01 12:55 - 2015-01-01 12:56 - 01114624 _____ (Farbar) C:\Users\Travel Mate\Downloads\FRST.exe
2015-01-01 12:54 - 2015-01-01 12:54 - 00018850 _____ () C:\Users\Travel Mate\Documents\Farbar_Recovery_Scan_Tool_FRST.htm
2015-01-01 12:54 - 2015-01-01 12:54 - 00000000 ____D () C:\Users\Travel Mate\Documents\Farbar_Recovery_Scan_Tool_FRST-Dateien
2015-01-01 12:53 - 2015-01-01 12:53 - 00050477 _____ () C:\Users\Travel Mate\Downloads\Defogger.exe
2015-01-01 12:52 - 2015-01-01 12:52 - 00017443 _____ () C:\Users\Travel Mate\Documents\DEFOGGER.HTM
2015-01-01 12:52 - 2015-01-01 12:52 - 00000000 ____D () C:\Users\Travel Mate\Documents\DEFOGGER-Dateien
2015-01-01 12:21 - 2015-01-01 12:21 - 00045782 _____ () C:\Users\Travel Mate\Documents\Trojaner-Board_de_Logfiles_posten.htm
2015-01-01 12:21 - 2015-01-01 12:21 - 00000000 ____D () C:\Users\Travel Mate\Documents\Trojaner-Board_de_Logfiles_posten-Dateien
2015-01-01 12:06 - 2015-01-01 12:06 - 00000000 ____D () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_2-Dateien
2015-01-01 12:05 - 2015-01-01 12:06 - 00156252 _____ () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_2.htm
2015-01-01 12:05 - 2015-01-01 12:05 - 00331514 _____ () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_1.htm
2015-01-01 12:05 - 2015-01-01 12:05 - 00331322 _____ () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12.htm
2015-01-01 12:05 - 2015-01-01 12:05 - 00000000 ____D () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12-Dateien
2015-01-01 12:05 - 2015-01-01 12:05 - 00000000 ____D () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_1-Dateien
2015-01-01 12:03 - 2015-01-01 12:03 - 00058658 _____ () C:\Users\Travel Mate\Documents\Anleitung_fuer_Hilfesuchende_bei_Trojaner-_und_Virenbefall.htm
2015-01-01 12:03 - 2015-01-01 12:03 - 00000000 ____D () C:\Users\Travel Mate\Documents\Anleitung_fuer_Hilfesuchende_bei_Trojaner-_und_Virenbefall-Dateien
2015-01-01 11:33 - 2015-01-01 11:33 - 00000227 _____ () C:\Users\Travel Mate\AVIRA.TXT
2015-01-01 00:51 - 2015-01-01 00:51 - 00000000 __SHD () C:\Users\Travel Mate\AppData\Local\EmieUserList
2015-01-01 00:51 - 2015-01-01 00:51 - 00000000 __SHD () C:\Users\Travel Mate\AppData\Local\EmieSiteList
2015-01-01 00:51 - 2015-01-01 00:51 - 00000000 __SHD () C:\Users\Travel Mate\AppData\Local\EmieBrowserModeList
2015-01-01 00:46 - 2015-01-01 00:46 - 00025508 _____ () C:\Users\Travel Mate\Documents\HKCU_Ycgau.reg
2015-01-01 00:45 - 2015-01-01 00:45 - 00025500 _____ () C:\Users\Travel Mate\Documents\HKCU_Evyv.reg
2015-01-01 00:45 - 2015-01-01 00:45 - 00025322 _____ () C:\Users\Travel Mate\Documents\HKCUÖXuhek.reg
2015-01-01 00:44 - 2015-01-01 00:44 - 00025508 _____ () C:\Users\Travel Mate\Documents\HKCU_Daypo.reg
2015-01-01 00:44 - 2015-01-01 00:44 - 00025370 _____ () C:\Users\Travel Mate\Documents\HKCU_Edpo.reg
2015-01-01 00:40 - 2015-01-01 00:40 - 00000432 _____ () C:\Users\Travel Mate\Documents\HKCU_Run_141231.reg
2014-12-31 17:36 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-12-31 17:25 - 2014-12-31 17:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-31 17:25 - 2014-12-31 17:25 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-31 17:24 - 2014-12-31 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-31 17:24 - 2014-12-31 17:24 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-31 17:24 - 2014-12-31 17:24 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-31 17:24 - 2014-12-31 17:24 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-31 17:24 - 2014-12-31 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-31 17:24 - 2014-12-31 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-31 17:24 - 2014-12-31 17:24 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-31 17:24 - 2014-12-31 17:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-31 17:24 - 2014-12-31 17:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-31 17:24 - 2014-12-31 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-31 17:14 - 2014-12-31 17:14 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-31 17:14 - 2014-12-31 17:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-12-31 17:14 - 2014-12-31 17:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-12-31 17:14 - 2014-12-31 17:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-12-31 17:13 - 2014-12-31 17:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-12-31 17:12 - 2014-12-31 17:12 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-12-31 17:10 - 2014-12-31 17:10 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-12-31 17:10 - 2014-12-31 17:10 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-12-29 15:28 - 2014-12-29 15:28 - 00082397 _____ () C:\Users\Travel Mate\Documents\Gericom_Phantom_16680_121519813587_30_50_Euro.htm
2014-12-29 15:28 - 2014-12-29 15:28 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Phantom_16680_121519813587_30_50_Euro-Dateien
2014-12-29 10:28 - 2014-12-29 10:28 - 00000436 _____ () C:\Users\Travel Mate\Documents\HKCU_Run_141229.reg
2014-12-25 20:28 - 2014-12-25 20:28 - 00203951 _____ () C:\Users\Travel Mate\Documents\tuerkis.htm
2014-12-25 20:28 - 2014-12-25 20:28 - 00000000 ____D () C:\Users\Travel Mate\Documents\tuerkis-Dateien
2014-12-25 13:39 - 2014-12-25 13:39 - 00000432 _____ () C:\Users\Travel Mate\Documents\runagain.reg
2014-12-25 11:51 - 2014-12-25 11:51 - 00000432 _____ () C:\Users\Travel Mate\Documents\HKCU_Run_141225.reg
2014-12-24 08:29 - 2014-12-24 08:29 - 00056272 _____ () C:\Users\Travel Mate\Documents\art2725,983587.htm
2014-12-24 08:27 - 2014-12-24 08:27 - 00023541 _____ () C:\Users\Travel Mate\Documents\_*Schwarzwaldradio*_.htm
2014-12-24 08:27 - 2014-12-24 08:27 - 00000000 ____D () C:\Users\Travel Mate\Documents\_*Schwarzwaldradio*_-Dateien
2014-12-24 08:00 - 2014-12-24 08:00 - 00000000 ____D () C:\Users\Travel Mate\Documents\Creative_Labs_neue_Zen_Style_Modelle-Dateien
2014-12-24 07:59 - 2014-12-24 08:00 - 00021099 _____ () C:\Users\Travel Mate\Documents\Creative_Labs_neue_Zen_Style_Modelle.htm
2014-12-24 07:56 - 2014-12-24 07:56 - 00061777 _____ () C:\Users\Travel Mate\Documents\Creative_Labs_Zen_Style_100_Videos_umwandeln.htm
2014-12-24 07:56 - 2014-12-24 07:56 - 00000000 ____D () C:\Users\Travel Mate\Documents\Creative_Labs_Zen_Style_100_Videos_umwandeln-Dateien
2014-12-22 22:57 - 2014-12-22 22:57 - 00001159 _____ () C:\Users\Travel Mate\Desktop\AppData - Verknüpfung.lnk
2014-12-22 22:37 - 2014-12-22 22:37 - 00000434 _____ () C:\Users\Travel Mate\Documents\Roaming.reg
2014-12-21 22:51 - 2014-12-21 22:51 - 00073985 _____ () C:\Users\Travel Mate\Documents\Gericom_Hummer_2430e_XL_331400144916.htm
2014-12-21 22:51 - 2014-12-21 22:51 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Hummer_2430e_XL_331400144916-Dateien
2014-12-21 22:19 - 2014-12-21 22:19 - 00092531 _____ () C:\Users\Travel Mate\Documents\Gericom_Blockbuster_Excellent_7000_1780_259IA2_331395379352.htm
2014-12-21 21:47 - 2014-12-21 21:47 - 00096734 _____ () C:\Users\Travel Mate\Documents\Gericom_Blockbuster_Radeon_MSW_NB251S5_151501184773.htm
2014-12-21 21:11 - 2014-12-21 21:11 - 00100095 _____ () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1330e_G557_321607047670.htm
2014-12-21 21:11 - 2014-12-21 21:11 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1330e_G557_321607047670-Dateien
2014-12-21 20:58 - 2014-12-21 20:58 - 00094714 _____ () C:\Users\Travel Mate\Documents\Gericom_Webgine_XL_Per4mance_S_2030_N356S1_141500030300.htm
2014-12-21 20:32 - 2014-12-21 20:32 - 00096743 _____ () C:\Users\Travel Mate\Documents\HP_Pavilion_ZV_5000_181599928144.htm
2014-12-21 20:32 - 2014-12-21 20:32 - 00000000 ____D () C:\Users\Travel Mate\Documents\HP_Pavilion_ZV_5000_181599928144-Dateien
2014-12-21 20:06 - 2014-12-21 20:07 - 00093252 _____ () C:\Users\Travel Mate\Documents\3_Stueck_Dell_Latitude_D620-D630_defekt_291325840383_114_Euro.htm
2014-12-21 20:06 - 2014-12-21 20:06 - 01699012 _____ () C:\Users\Travel Mate\Documents\XXXX 3_Stück_Dell_Latitude_D620-D630_defekt_291325840383_114_Euro.htm
2014-12-21 20:04 - 2014-12-21 20:04 - 00092498 _____ () C:\Users\Travel Mate\Documents\Medion_MD97400_231405188709.htm
2014-12-21 20:04 - 2014-12-21 20:04 - 00000000 ____D () C:\Users\Travel Mate\Documents\Medion_MD97400_231405188709-Dateien
2014-12-21 19:43 - 2014-12-21 19:43 - 00098434 _____ () C:\Users\Travel Mate\Documents\Samsung_SyncMaster_T200_161502083770.htm
2014-12-21 19:43 - 2014-12-21 19:43 - 00000000 ____D () C:\Users\Travel Mate\Documents\Samsung_SyncMaster_T200_161502083770-Dateien
2014-12-21 19:25 - 2014-12-21 19:25 - 00088275 _____ () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1730e_181600258752.htm
2014-12-21 19:25 - 2014-12-21 19:25 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1730e_181600258752-Dateien
2014-12-21 18:54 - 2014-12-21 18:54 - 00097706 _____ () C:\Users\Travel Mate\Documents\3_Speicherriegel_DIMM_2x512MB_1x1GB_161489607538.htm
2014-12-21 18:46 - 2014-12-21 18:46 - 00153316 _____ () C:\Users\Travel Mate\Documents\Hitachi_Ultrastar_HUA722050CLA330_500GB_291167355468.htm
2014-12-21 18:46 - 2014-12-21 18:46 - 00153316 _____ () C:\Users\Travel Mate\Documents\Hitachi_Deskstar_HUA722050CLA330_500GB_291167355468.htm
2014-12-21 17:34 - 2014-12-21 17:34 - 00000890 _____ () C:\Users\Travel Mate\Desktop\Downloads - Verknüpfung.lnk
2014-12-21 17:33 - 2014-12-21 17:33 - 00007667 _____ () C:\Users\Travel Mate\Desktop\141003 - Verknüpfung.lnk
2014-12-20 13:19 - 2014-12-20 13:20 - 00087604 _____ () C:\Users\Travel Mate\Documents\Dell Latitude D630_201241823587_147.htm
2014-12-20 10:26 - 2014-12-20 10:26 - 00000786 _____ () C:\Windows\KB2936068.log
2014-12-20 07:36 - 2014-12-20 07:37 - 00005314 _____ () C:\Windows\IE10_main.log
2014-12-20 07:30 - 2014-12-31 17:36 - 00024988 _____ () C:\Windows\IE11_main.log
2014-12-20 07:30 - 2014-12-20 07:37 - 00000134 _____ () C:\Users\Travel Mate\Desktop\Internet Explorer-Problembehebung.url
2014-12-15 22:26 - 2014-12-15 22:26 - 00099288 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_261700909380_30_50.htm
2014-12-15 21:33 - 2014-12-15 21:33 - 00105122 _____ () C:\Users\Travel Mate\Desktop\Gericom_Bellagio_1720e_IPC_7521P_MIM2210_121498523874.htm
2014-12-15 20:02 - 2014-12-15 20:02 - 00096860 _____ () C:\Users\Travel Mate\Documents\Acer_Aspire_5315_ICL50_171557016246.htm
2014-12-15 19:39 - 2014-12-15 19:39 - 00102933 _____ () C:\Users\Travel Mate\Documents\Hitachi_Deskstar_HDS725050KLA360_500GB_221614269222.htm
2014-12-15 19:07 - 2014-12-15 19:07 - 00097716 _____ () C:\Users\Travel Mate\Desktop\Colorful_Nvidia_GeForce_9400_GT_512MB_4719331346072.html
2014-12-15 18:48 - 2015-01-01 00:48 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2014-12-15 15:51 - 2014-12-15 16:04 - 92789928 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Travel Mate\Downloads\ashampoo_burning_studio_2014_12.0.5_15376.exe
2014-12-15 15:50 - 2014-12-15 15:50 - 00142275 _____ () C:\Users\Travel Mate\Downloads\Ashampoo_Burning_Studio_2014.htm
2014-12-15 15:50 - 2014-12-15 15:50 - 00000000 ____D () C:\Users\Travel Mate\Downloads\Ashampoo_Burning_Studio_2014-Dateien
2014-12-15 12:42 - 2014-12-15 12:42 - 00035393 _____ () C:\Users\Travel Mate\Downloads\Ausserplanmaessiges_Sicherheitsupdate_MS14-021_fuer_den_Internet_Explorer_6_7_8_9_10_und_11_ist_online.htm
2014-12-15 12:20 - 2014-12-15 12:21 - 11054840 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\WindowsServer2003.WindowsXP-KB2936068-x64-DEU.exe
2014-12-15 12:19 - 2014-12-15 12:20 - 09661680 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE8-WindowsXP-KB2936068-x86-ENU.exe
2014-12-15 12:18 - 2014-12-15 12:20 - 20434168 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE7-WindowsServer2003.WindowsXP-KB2936068-x64-ENU.exe
2014-12-15 12:15 - 2014-12-15 12:15 - 08673520 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE7-WindowsXP-KB2936068-x86-ENU.exe
2014-12-15 12:14 - 2014-12-15 12:15 - 22947064 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE8-WindowsServer2003.WindowsXP-KB2936068-x64-ENU.exe
2014-12-15 12:11 - 2014-12-15 12:12 - 09669360 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE8-WindowsXP-KB2936068-x86-DEU.exe
2014-12-15 12:06 - 2014-12-15 12:06 - 00057152 _____ () C:\Users\Travel Mate\Downloads\Lutz_Donnerhacke_de_comp_security_firewall_FAQ.htm
2014-12-15 12:03 - 2014-12-15 12:03 - 00195967 _____ () C:\Users\Travel Mate\Downloads\Microsoft_Security_Bulletin_MS14-018_Kritisch.htm
2014-12-15 11:45 - 2014-12-15 11:45 - 00083482 _____ () C:\Users\Travel Mate\Documents\Gericom_Hummer_Advance_2560_XL_201206591377_29_25.htm
2014-12-15 11:42 - 2014-12-15 11:42 - 00111868 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_181575633384_33_53.htm
2014-12-15 11:40 - 2014-12-15 11:40 - 00097254 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_Series_321570817498_32_50.htm
2014-12-15 11:09 - 2014-12-15 11:09 - 00109452 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_171520444830_25_50.htm
2014-12-15 11:06 - 2014-12-15 11:06 - 00098058 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_281484637517_16.htm
2014-12-15 10:50 - 2014-12-15 10:50 - 00114772 _____ () C:\Users\Travel Mate\Documents\Gericom_Hummer_26640_XL_161467504073_30_60.htm
2014-12-15 10:39 - 2014-12-15 10:39 - 00109479 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_161469685234_40_50.htm
2014-12-06 20:24 - 2014-12-06 20:24 - 00030035 _____ () C:\Users\Travel Mate\Downloads\mkbt20.zip
2014-12-06 20:23 - 2014-12-06 20:24 - 00045817 _____ () C:\Users\Travel Mate\Downloads\MKBT20.HTM
2014-12-06 20:23 - 2014-12-06 20:24 - 00000000 ____D () C:\Users\Travel Mate\Downloads\MKBT20-Dateien
2014-12-06 20:18 - 2014-12-06 20:18 - 00000000 ____D () C:\Users\Travel Mate\Downloads\How_to_use_ISO_Recorder-Dateien
2014-12-06 20:17 - 2014-12-06 20:18 - 00003576 _____ () C:\Users\Travel Mate\Downloads\How_to_use_ISO_Recorder.htm
2014-12-06 18:31 - 2014-12-06 18:31 - 00086920 _____ () C:\Users\Travel Mate\Downloads\Easy2Boot_list_of_tested_payload_files.htm
2014-12-06 18:31 - 2014-12-06 18:31 - 00073116 _____ () C:\Users\Travel Mate\Downloads\Live-Systeme_als_ISOs_vom_Stick_booten.htm
2014-12-06 18:31 - 2014-12-06 18:31 - 00000000 ____D () C:\Users\Travel Mate\Downloads\Live-Systeme_als_ISOs_vom_Stick_booten-Dateien
2014-12-06 18:31 - 2014-12-06 18:31 - 00000000 ____D () C:\Users\Travel Mate\Downloads\Easy2Boot_list_of_tested_payload_files-Dateien
2014-12-06 18:30 - 2014-12-06 18:30 - 07015164 _____ () C:\Users\Travel Mate\Downloads\MPI_Tool_Pack_Plus_CloverLite_040.zip
2014-12-06 15:40 - 2014-12-06 15:40 - 00008930 _____ () C:\Users\Travel Mate\Downloads\smime.p7s

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 17:45 - 2013-10-03 17:24 - 00000000 ____D () C:\Users\Travel Mate\AppData\Local\FreePDF_XP
2015-01-02 17:42 - 2012-04-26 11:44 - 00945369 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 15:55 - 2012-04-26 21:32 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2015-01-02 15:55 - 2012-04-26 21:32 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2015-01-02 15:55 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 12:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-01 11:33 - 2012-12-12 11:36 - 00000000 ____D () C:\Users\Travel Mate
2015-01-01 00:55 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 00:55 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 00:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 00:48 - 2009-07-14 05:51 - 00053425 _____ () C:\Windows\setupact.log
2014-12-31 17:42 - 2012-12-12 11:39 - 00001417 _____ () C:\Users\Travel Mate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-31 17:40 - 2009-07-14 05:45 - 00318296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-31 17:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-12-25 11:12 - 2013-02-07 17:15 - 00001210 _____ () C:\Users\Travel Mate\Desktop\Multidecoder.lnk
2014-12-22 22:36 - 2013-08-26 09:31 - 00000000 ____D () C:\CARS
2014-12-21 23:11 - 2013-05-12 17:32 - 00000000 ____D () C:\Users\Travel Mate\AppData\Local\Deployment
2014-12-15 19:59 - 2014-11-23 17:04 - 00010760 _____ () C:\Users\Travel Mate\diverses.txt
2014-12-09 08:28 - 2013-02-12 04:50 - 00000000 ____D () C:\Users\Travel Mate\AppData\Roaming\vlc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 12:16

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Travel Mate at 2015-01-02 18:43:10
Running from C:\Users\Travel Mate\Desktop\AV
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Enabled - Out of date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3505 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM-x32\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version:  - )
Albelli Fotobücher (HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version:  - Albelli)
Avira AntiVir Personal - Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 10.0.0.592 - Avira GmbH)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Black Mirror 2 (HKLM-x32\...\Black Mirror 2_is1) (Version:  - dtp)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.899 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gray Matter (HKLM-x32\...\Gray Matter_is1) (Version:  - dtp)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 6.0.5 - Acer Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox (3.6.8) (HKLM-x32\...\Mozilla Firefox (3.6.8)) (Version: 3.6.8 (de) - Mozilla)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated)
The First Templar 1.00 (HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\The First Templar) (Version: 1.00 - Kalypso Media)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3505 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3003312382-2928224955-3310159703-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\neth.dll (Microsoft Corporation)

==================== Restore Points  =========================

20-12-2014 08:13:58 Geplanter Prüfpunkt
20-12-2014 10:38:40 Windows Update
27-12-2014 20:09:49 Geplanter Prüfpunkt
31-12-2014 17:09:40 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {B2B8CE61-33B7-4088-B713-B1909635A6AB} - System32\Tasks\{40B30B6F-BD59-4066-990B-67A303EF1655} => pcalua.exe -a D:\SETUP.EXE -d D:\

==================== Loaded Modules (whitelisted) =============

2013-09-20 15:48 - 2010-06-17 19:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-01-10 12:42 - 2011-06-10 03:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-20 18:40 - 2010-06-17 15:27 - 00355688 _____ () C:\Anwendungen\Avira\AntiVir Desktop\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3003312382-2928224955-3310159703-500 - Administrator - Disabled)
Gast (S-1-5-21-3003312382-2928224955-3310159703-501 - Limited - Disabled)
Travel Mate (S-1-5-21-3003312382-2928224955-3310159703-1000 - Administrator - Enabled) => C:\Users\Travel Mate

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 11:48:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396, Zeitstempel: 0x4cc5e97b
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009b60
ID des fehlerhaften Prozesses: 0x810
Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0
Pfad der fehlerhaften Anwendung: AcroRd32.exe1
Pfad des fehlerhaften Moduls: AcroRd32.exe2
Berichtskennung: AcroRd32.exe3

Error: (01/02/2015 11:47:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396, Zeitstempel: 0x4cc5e97b
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009b60
ID des fehlerhaften Prozesses: 0x14bc
Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0
Pfad der fehlerhaften Anwendung: AcroRd32.exe1
Pfad des fehlerhaften Moduls: AcroRd32.exe2
Berichtskennung: AcroRd32.exe3

Error: (01/01/2015 00:22:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396, Zeitstempel: 0x4cc5e97b
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009b60
ID des fehlerhaften Prozesses: 0x14c0
Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0
Pfad der fehlerhaften Anwendung: AcroRd32.exe1
Pfad des fehlerhaften Moduls: AcroRd32.exe2
Berichtskennung: AcroRd32.exe3

Error: (01/01/2015 00:48:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:43:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:38:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 05:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 09:13:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16545 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 578

Startzeit: 01d022d89ec891d1

Endzeit: 13

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (12/27/2014 08:41:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16545 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15c8

Startzeit: 01d0220abdfc73c9

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:


System errors:
=============
Error: (01/02/2015 05:58:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 05:58:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 05:58:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 03:46:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 03:46:15 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 03:46:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:44:52 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:43:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:43:07 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/02/2015 00:42:57 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (01/02/2015 11:48:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcroRd32.exe10.0.0.3964cc5e97bmsvcrt.dll7.0.7600.163854a5bda6fc000000500009b6081001d026799b350d7fC:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Windows\syswow64\msvcrt.dlle1b29c62-926c-11e4-9fc5-e840f2d02631

Error: (01/02/2015 11:47:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcroRd32.exe10.0.0.3964cc5e97bmsvcrt.dll7.0.7600.163854a5bda6fc000000500009b6014bc01d026797a351da3C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Windows\syswow64\msvcrt.dllcb8e0cbd-926c-11e4-9fc5-e840f2d02631

Error: (01/01/2015 00:22:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcroRd32.exe10.0.0.3964cc5e97bmsvcrt.dll7.0.7600.163854a5bda6fc000000500009b6014c001d025b52bf7e88dC:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Windows\syswow64\msvcrt.dll75784992-91a8-11e4-9fc5-e840f2d02631

Error: (01/01/2015 00:48:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:43:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 00:38:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 05:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 09:13:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1654557801d022d89ec891d113C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (12/27/2014 08:41:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1654515c801d0220abdfc73c916C:\Program Files (x86)\Internet Explorer\iexplore.exe


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 49%
Total physical RAM: 3764.36 MB
Available physical RAM: 1907.18 MB
Total Pagefile: 7526.9 MB
Available Pagefile: 5016.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:62.68 GB) NTFS
Drive d: (IE11) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:59.55 GB) (Free:38.4 GB) FAT32
Drive f: (MICROSD) (Removable) (Total:14.87 GB) (Free:6.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F1C971A0)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00F54379)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 59.6 GB) (Disk ID: E1CC9ECD)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=0B)

==================== End Of Log ============================
         
--- --- ---


GMER.txt
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-02 19:13:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: 8tccbsdg.exe; Driver: C:\Users\TRAVEL~1\AppData\Local\Temp\kxldrpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                               fffff80002ded000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                               fffff80002ded02f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                    0000000075f91465 2 bytes [F9, 75]
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                   0000000075f914bb 2 bytes [F9, 75]
.text     ...                                                                                                                                                                                              * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\Explorer.EXE [1336:1276]                                                                                                                                                              000000000038f8e0
Thread    C:\Windows\Explorer.EXE [1336:996]                                                                                                                                                               000000000038f8e0
Thread    C:\Windows\Explorer.EXE [1336:988]                                                                                                                                                               000000000038f8e0
Thread    C:\Windows\Explorer.EXE [1336:1832]                                                                                                                                                              000000000038f8e0
Thread    C:\Windows\explorer.exe [6476:6420]                                                                                                                                                              0000000000496630
Thread    C:\Windows\explorer.exe [6476:6396]                                                                                                                                                              0000000000496630
Thread    C:\Windows\explorer.exe [6476:4352]                                                                                                                                                              0000000000496630
Thread    C:\Windows\explorer.exe [6476:6384]                                                                                                                                                              00000000001fccbc
Thread    C:\Windows\explorer.exe [6476:6368]                                                                                                                                                              0000000000200334
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\neth.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1336] (Serbian_Latin Keyboard Layout/Microsoft Corporation)(2014-12-15 17:48:08)  0000000022c50000

---- EOF - GMER 2.1 ----
         
--- --- ---


Scan-Ergebnis-20141231-2045.html (jüngster Bericht von Desinfec't)
Code:
ATTFilter
Virenfunde
Avira Bitdefender Aktion
/media/Acer/Users/Travel Mate/Downloads/190713/Notebook-BatteryInfo-Setup.exe Adware/Winload.D  VirusTotal Dateimanager umbenennen  
/media/MICROSD/AVI/Hexyul/ahylu.exe TR/Crypt.Xpack.123986 Trojan.GenericKD.2057002 VirusTotal Dateimanager umbenennen  
/media/MICROSD/AVI/Neqez/yhyb.exe  Gen:Variant.Graftor.169635 VirusTotal Dateimanager umbenennen  
/media/Acer/Users/Travel Mate/Documents/TOOLS/Setup.exe  ADWARE/Adware.Gen7 VirusTotal Dateimanager umbenennen  
/media/MICROSD/AVI/UiyiYapl/LayyeWubfu.auo TR/Vawtrak.A.771 Gen:Variant.Kazy.517991 VirusTotal Dateimanager umbenennen  
/media/MICROSD/AVI/Siyww/reopa.exe TR/Crypt.ZPACK.115911 Gen:Variant.Zusy.120815 VirusTotal Dateimanager umbenennen  
/media/MICROSD/AVI/Windows Genuine Advantage/{275A5439-6EA4-4329-BD7A-DCC070FFC294}/api-ms-win-system-d3d10core-l1-1-0.dll TR/Crypt.ZPACK.114056 Trojan.GenericKD.2030121 VirusTotal Dateimanager umbenennen  

Alle gefundenen Dateien mit der Endung .VIRUS versehen
         
--- --- ---


Übrigens waren die Log-Dateien in dieser Reihenfolge entstanden:
Desinfec't Suchlauf
FRST Suchlauf
GMER gestartet
WLAN ausgeschaltet
AntiVir Haken bei Echtzeitschutz entfernt
GMER beendet und neu gestartet und den Suchlauf durchgeführt
GMER beendet
AntiVir Haken bei Echtzeitschutz wieder gesetzt
WLAN aktiviert
Defogger ausgeführt (obwohl ich denke, daß kein Emulator installiert ist)
Rechner heruntergefahren, dabei blieb lange die Meldung "Windows wird heruntergefahren" stehen, nach etwa 10 Minuten kam ein Bluescreen

Hoffe, es paßt nun alles.
Wenn es nicht genug Lesematerial sein sollte, dann bitte Bescheid geben.
Danke und Gruß,
Espelkamper

Alt 03.01.2015, 15:47   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 träge und ständig neue Maleware - Standard

Windows 7 träge und ständig neue Maleware



Jaaa, viel besser


Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.01.2015, 17:14   #9
Espelkamper
 
Windows 7 träge und ständig neue Maleware - Standard

TDSSKiller Log



Hallo Schrauber,
das Ausführen des Programms war einfach, der Download weniger.
Aktuell scheint der Download der aktuellen Version nicht zu funktionieren (Error 404), habe es sowohl mit dem Windows-Notebook versucht als auch mit dem Android-Tablet.
Es ging nur der Umweg über die ältere Version 2.8.15.0, die nach dem Start das Update geladen hat.
Beim Ausführen brauchte ich auch nichts zu skippen.

Die Log-Datei zu TDSSKiller:
Code:
ATTFilter
17:04:03.0616 0x12f0  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
17:04:28.0727 0x12f0  ============================================================
17:04:28.0727 0x12f0  Current date / time: 2015/01/03 17:04:28.0727
17:04:28.0727 0x12f0  SystemInfo:
17:04:28.0727 0x12f0  
17:04:28.0727 0x12f0  OS Version: 6.1.7601 ServicePack: 1.0
17:04:28.0727 0x12f0  Product type: Workstation
17:04:28.0727 0x12f0  ComputerName: ACERTM
17:04:28.0727 0x12f0  UserName: Travel Mate
17:04:28.0727 0x12f0  Windows directory: C:\Windows
17:04:28.0727 0x12f0  System windows directory: C:\Windows
17:04:28.0727 0x12f0  Running under WOW64
17:04:28.0727 0x12f0  Processor architecture: Intel x64
17:04:28.0727 0x12f0  Number of processors: 2
17:04:28.0727 0x12f0  Page size: 0x1000
17:04:28.0727 0x12f0  Boot type: Normal boot
17:04:28.0727 0x12f0  ============================================================
17:04:28.0827 0x12f0  KLMD registered as C:\Windows\system32\drivers\71756205.sys
17:04:29.0111 0x12f0  System UUID: {E30F0D6A-8BE3-0270-74B8-889267E9C01F}
17:04:29.0765 0x12f0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:04:29.0765 0x12f0  Drive \Device\Harddisk1\DR1 - Size: 0xEE4800000 ( 59.57 Gb ), SectorSize: 0x200, Cylinders: 0x1E60, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:04:29.0775 0x12f0  ============================================================
17:04:29.0775 0x12f0  \Device\Harddisk0\DR0:
17:04:29.0775 0x12f0  MBR partitions:
17:04:29.0775 0x12f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
17:04:29.0775 0x12f0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
17:04:29.0775 0x12f0  \Device\Harddisk1\DR1:
17:04:29.0775 0x12f0  MBR partitions:
17:04:29.0775 0x12f0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x860, BlocksNum 0x77237A0
17:04:29.0775 0x12f0  ============================================================
17:04:29.0805 0x12f0  C: <-> \Device\Harddisk0\DR0\Partition2
17:04:29.0805 0x12f0  ============================================================
17:04:29.0805 0x12f0  Initialize success
17:04:29.0805 0x12f0  ============================================================
17:04:44.0049 0x10b0  ============================================================
17:04:44.0049 0x10b0  Scan started
17:04:44.0049 0x10b0  Mode: Manual; SigCheck; TDLFS; 
17:04:44.0049 0x10b0  ============================================================
17:04:44.0049 0x10b0  KSN ping started
17:04:58.0561 0x10b0  KSN ping finished: true
17:04:59.0100 0x10b0  ================ Scan system memory ========================
17:04:59.0100 0x10b0  System memory - ok
17:04:59.0110 0x10b0  ================ Scan services =============================
17:04:59.0342 0x10b0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:04:59.0462 0x10b0  1394ohci - ok
17:04:59.0532 0x10b0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:04:59.0552 0x10b0  ACPI - ok
17:04:59.0602 0x10b0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:04:59.0662 0x10b0  AcpiPmi - ok
17:04:59.0712 0x10b0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:04:59.0772 0x10b0  adp94xx - ok
17:04:59.0792 0x10b0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:04:59.0822 0x10b0  adpahci - ok
17:04:59.0832 0x10b0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:04:59.0852 0x10b0  adpu320 - ok
17:04:59.0892 0x10b0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:04:59.0942 0x10b0  AeLookupSvc - ok
17:05:00.0002 0x10b0  [ 314C17917AC8523EC77A710215012A65, 725CF2D5F63C06F7704C24FE0CFA696215DADC6C0EC445D9671E82F8E23E56AD ] AFD             C:\Windows\system32\drivers\afd.sys
17:05:00.0092 0x10b0  AFD - ok
17:05:00.0122 0x10b0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
17:05:00.0142 0x10b0  agp440 - ok
17:05:00.0162 0x10b0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
17:05:00.0222 0x10b0  ALG - ok
17:05:00.0252 0x10b0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:05:00.0262 0x10b0  aliide - ok
17:05:00.0272 0x10b0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:05:00.0292 0x10b0  amdide - ok
17:05:00.0322 0x10b0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:05:00.0372 0x10b0  AmdK8 - ok
17:05:00.0392 0x10b0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:05:00.0442 0x10b0  AmdPPM - ok
17:05:00.0462 0x10b0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:05:00.0482 0x10b0  amdsata - ok
17:05:00.0502 0x10b0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:05:00.0532 0x10b0  amdsbs - ok
17:05:00.0552 0x10b0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:05:00.0562 0x10b0  amdxata - ok
17:05:00.0672 0x10b0  [ D0438DB784D7BD2F07F5B9C7FB698049, 650BFBFF53FC7736B21D8E389296C666A8A85E10A977588C5AED417F293C6609 ] AntiVirSchedulerService C:\Anwendungen\Avira\AntiVir Desktop\sched.exe
17:05:00.0712 0x10b0  AntiVirSchedulerService - ok
17:05:00.0772 0x10b0  [ 56B25729F1E8DDC2A194823E41DE8235, 9F3E8B3F17FFA79632C8AC1B7CE3A351BC2377C6E2C275A3868C52E41490AFDF ] AntiVirService  C:\Anwendungen\Avira\AntiVir Desktop\avguard.exe
17:05:00.0782 0x10b0  AntiVirService - ok
17:05:00.0812 0x10b0  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
17:05:00.0892 0x10b0  AppID - ok
17:05:00.0925 0x10b0  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:05:00.0974 0x10b0  AppIDSvc - ok
17:05:00.0994 0x10b0  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\Windows\System32\appinfo.dll
17:05:01.0054 0x10b0  Appinfo - ok
17:05:01.0074 0x10b0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
17:05:01.0094 0x10b0  arc - ok
17:05:01.0104 0x10b0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:05:01.0124 0x10b0  arcsas - ok
17:05:01.0144 0x10b0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:05:01.0204 0x10b0  AsyncMac - ok
17:05:01.0224 0x10b0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:05:01.0234 0x10b0  atapi - ok
17:05:01.0394 0x10b0  [ DE9FB3DADE8FD39AE2C587DF22D36B8E, 5315448D41661E625D51330E689139E914E7173DF1F8593C9F81ABC959F5F85D ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:05:01.0624 0x10b0  athr - ok
17:05:01.0694 0x10b0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:05:01.0804 0x10b0  AudioEndpointBuilder - ok
17:05:01.0824 0x10b0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:05:01.0894 0x10b0  AudioSrv - ok
17:05:01.0924 0x10b0  [ 1244ABC7B1978A4C43B8276CB1D91859, CE90CCC0E7975FC7C58CB400380C06E159EA1D5F7F2638E5C4BB9A253BD34BFF ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:05:01.0964 0x10b0  avgntflt - ok
17:05:01.0984 0x10b0  [ C98FA6E5AD0E857D22716BD2B8B1F399, 438C86D1A5C629C189F561AAC07342095C2BD4847734204425AAF1E2C22431FA ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:05:01.0994 0x10b0  avipbb - ok
17:05:02.0034 0x10b0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:05:02.0084 0x10b0  AxInstSV - ok
17:05:02.0144 0x10b0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:05:02.0214 0x10b0  b06bdrv - ok
17:05:02.0274 0x10b0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:05:02.0354 0x10b0  b57nd60a - ok
17:05:02.0416 0x10b0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:05:02.0466 0x10b0  BDESVC - ok
17:05:02.0486 0x10b0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:05:02.0557 0x10b0  Beep - ok
17:05:02.0628 0x10b0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
17:05:02.0757 0x10b0  BFE - ok
17:05:02.0812 0x10b0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
17:05:02.0958 0x10b0  BITS - ok
17:05:02.0984 0x10b0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:05:03.0014 0x10b0  blbdrive - ok
17:05:03.0024 0x10b0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:05:03.0064 0x10b0  bowser - ok
17:05:03.0074 0x10b0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:05:03.0104 0x10b0  BrFiltLo - ok
17:05:03.0114 0x10b0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:05:03.0134 0x10b0  BrFiltUp - ok
17:05:03.0154 0x10b0  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] Bridge          C:\Windows\system32\DRIVERS\bridge.sys
17:05:03.0224 0x10b0  Bridge - ok
17:05:03.0234 0x10b0  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:05:03.0284 0x10b0  BridgeMP - ok
17:05:03.0314 0x10b0  [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser         C:\Windows\System32\browser.dll
17:05:03.0394 0x10b0  Browser - ok
17:05:03.0424 0x10b0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:05:03.0484 0x10b0  Brserid - ok
17:05:03.0504 0x10b0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:05:03.0544 0x10b0  BrSerWdm - ok
17:05:03.0564 0x10b0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:05:03.0596 0x10b0  BrUsbMdm - ok
17:05:03.0616 0x10b0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:05:03.0646 0x10b0  BrUsbSer - ok
17:05:03.0676 0x10b0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:05:03.0716 0x10b0  BTHMODEM - ok
17:05:03.0756 0x10b0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
17:05:03.0813 0x10b0  bthserv - ok
17:05:03.0832 0x10b0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:05:04.0002 0x10b0  cdfs - ok
17:05:04.0053 0x10b0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:05:04.0178 0x10b0  cdrom - ok
17:05:04.0216 0x10b0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:05:04.0348 0x10b0  CertPropSvc - ok
17:05:04.0378 0x10b0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:05:04.0419 0x10b0  circlass - ok
17:05:04.0460 0x10b0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
17:05:04.0501 0x10b0  CLFS - ok
17:05:04.0589 0x10b0  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:05:04.0611 0x10b0  clr_optimization_v2.0.50727_32 - ok
17:05:04.0668 0x10b0  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:05:04.0693 0x10b0  clr_optimization_v2.0.50727_64 - ok
17:05:04.0735 0x10b0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:05:04.0765 0x10b0  CmBatt - ok
17:05:04.0770 0x10b0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:05:04.0786 0x10b0  cmdide - ok
17:05:04.0832 0x10b0  [ D5FEA92400F12412B3922087C09DA6A5, C8CD9215D26D3295FE487C96A4FC3F4C8AFED764AE9445D9858D7489823A8A2B ] CNG             C:\Windows\system32\Drivers\cng.sys
17:05:04.0908 0x10b0  CNG - ok
17:05:04.0940 0x10b0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:05:04.0950 0x10b0  Compbatt - ok
17:05:04.0990 0x10b0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:05:05.0050 0x10b0  CompositeBus - ok
17:05:05.0060 0x10b0  COMSysApp - ok
17:05:05.0080 0x10b0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:05:05.0113 0x10b0  crcdisk - ok
17:05:05.0152 0x10b0  [ 15597883FBE9B056F276ADA3AD87D9AF, B347E0B11228E38313C59C8ED984253A8A1FF482ED137CF5F488C4AFD6B08857 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:05:05.0222 0x10b0  CryptSvc - ok
17:05:05.0262 0x10b0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:05:05.0352 0x10b0  DcomLaunch - ok
17:05:05.0392 0x10b0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:05:05.0462 0x10b0  defragsvc - ok
17:05:05.0482 0x10b0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:05:05.0552 0x10b0  DfsC - ok
17:05:05.0572 0x10b0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:05:05.0662 0x10b0  Dhcp - ok
17:05:05.0692 0x10b0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
17:05:05.0752 0x10b0  discache - ok
17:05:05.0782 0x10b0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
17:05:05.0802 0x10b0  Disk - ok
17:05:05.0842 0x10b0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:05:05.0912 0x10b0  Dnscache - ok
17:05:05.0942 0x10b0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:05:06.0012 0x10b0  dot3svc - ok
17:05:06.0060 0x10b0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
17:05:06.0104 0x10b0  DPS - ok
17:05:06.0156 0x10b0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:05:06.0186 0x10b0  drmkaud - ok
17:05:06.0298 0x10b0  [ AEA290020589EAF37BA17BA4B0C60937, 68FA01FFE19A611BDD5DFF218F98A482A951F81C2E8DDFA6583D4F2769238788 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
17:05:06.0318 0x10b0  DsiWMIService - ok
17:05:06.0370 0x10b0  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:05:06.0410 0x10b0  DXGKrnl - ok
17:05:06.0452 0x10b0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
17:05:06.0512 0x10b0  EapHost - ok
17:05:06.0642 0x10b0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:05:06.0892 0x10b0  ebdrv - ok
17:05:06.0922 0x10b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
17:05:06.0932 0x10b0  EFS - ok
17:05:07.0022 0x10b0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:05:07.0152 0x10b0  ehRecvr - ok
17:05:07.0182 0x10b0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
17:05:07.0222 0x10b0  ehSched - ok
17:05:07.0272 0x10b0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:05:07.0332 0x10b0  elxstor - ok
17:05:07.0472 0x10b0  [ AC5C64F828C0A6A1350971501AC2A0C7, 920EB0AC38AD65930A747EDC98144010AE97A4B74153B90EE36E9C45055649A1 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
17:05:07.0532 0x10b0  ePowerSvc - ok
17:05:07.0552 0x10b0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:05:07.0592 0x10b0  ErrDev - ok
17:05:07.0662 0x10b0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
17:05:07.0732 0x10b0  EventSystem - ok
17:05:07.0762 0x10b0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:05:07.0812 0x10b0  exfat - ok
17:05:07.0872 0x10b0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:05:07.0942 0x10b0  fastfat - ok
17:05:08.0002 0x10b0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
17:05:08.0082 0x10b0  Fax - ok
17:05:08.0092 0x10b0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
17:05:08.0132 0x10b0  fdc - ok
17:05:08.0172 0x10b0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
17:05:08.0222 0x10b0  fdPHost - ok
17:05:08.0232 0x10b0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:05:08.0292 0x10b0  FDResPub - ok
17:05:08.0302 0x10b0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:05:08.0322 0x10b0  FileInfo - ok
17:05:08.0352 0x10b0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:05:08.0412 0x10b0  Filetrace - ok
17:05:08.0502 0x10b0  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:05:08.0562 0x10b0  FLEXnet Licensing Service - ok
17:05:08.0592 0x10b0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:05:08.0612 0x10b0  flpydisk - ok
17:05:08.0632 0x10b0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:05:08.0652 0x10b0  FltMgr - ok
17:05:08.0742 0x10b0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
17:05:08.0891 0x10b0  FontCache - ok
17:05:08.0946 0x10b0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:05:08.0956 0x10b0  FontCache3.0.0.0 - ok
17:05:08.0976 0x10b0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:05:08.0996 0x10b0  FsDepends - ok
17:05:09.0006 0x10b0  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:05:09.0016 0x10b0  Fs_Rec - ok
17:05:09.0026 0x10b0  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:05:09.0056 0x10b0  fvevol - ok
17:05:09.0066 0x10b0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:05:09.0086 0x10b0  gagp30kx - ok
17:05:09.0146 0x10b0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:05:09.0246 0x10b0  gpsvc - ok
17:05:09.0296 0x10b0  [ C9B2D1D3F86FD3673EF847DEF73B6F9E, 9D3822A6464F685F770F8D02A8AE623A676888F135E8425C3BAF1CC077429A7F ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
17:05:09.0306 0x10b0  GREGService - ok
17:05:09.0316 0x10b0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:05:09.0366 0x10b0  hcw85cir - ok
17:05:09.0406 0x10b0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:05:09.0476 0x10b0  HdAudAddService - ok
17:05:09.0506 0x10b0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:05:09.0546 0x10b0  HDAudBus - ok
17:05:09.0586 0x10b0  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
17:05:09.0616 0x10b0  HECIx64 - ok
17:05:09.0636 0x10b0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:05:09.0656 0x10b0  HidBatt - ok
17:05:09.0686 0x10b0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:05:09.0716 0x10b0  HidBth - ok
17:05:09.0736 0x10b0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:05:09.0756 0x10b0  HidIr - ok
17:05:09.0796 0x10b0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
17:05:09.0866 0x10b0  hidserv - ok
17:05:09.0886 0x10b0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:05:09.0916 0x10b0  HidUsb - ok
17:05:09.0946 0x10b0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:05:10.0026 0x10b0  hkmsvc - ok
17:05:10.0046 0x10b0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:05:10.0106 0x10b0  HomeGroupListener - ok
17:05:10.0146 0x10b0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:05:10.0176 0x10b0  HomeGroupProvider - ok
17:05:10.0206 0x10b0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:05:10.0226 0x10b0  HpSAMD - ok
17:05:10.0276 0x10b0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:05:10.0396 0x10b0  HTTP - ok
17:05:10.0416 0x10b0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:05:10.0426 0x10b0  hwpolicy - ok
17:05:10.0456 0x10b0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:05:10.0476 0x10b0  i8042prt - ok
17:05:10.0538 0x10b0  [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor          C:\Windows\system32\drivers\iaStor.sys
17:05:10.0558 0x10b0  iaStor - ok
17:05:10.0598 0x10b0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:05:10.0628 0x10b0  iaStorV - ok
17:05:10.0698 0x10b0  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:05:10.0768 0x10b0  idsvc - ok
17:05:10.0788 0x10b0  IEEtwCollectorService - ok
17:05:11.0258 0x10b0  [ 9937600A1584FF00565D5379EB4C9EDB, CF03333E9E7BD940B27194A9CF21ED8A6A10B698B545A898291976F650FC2675 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:05:11.0980 0x10b0  igfx - ok
17:05:12.0036 0x10b0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:05:12.0042 0x10b0  iirsp - ok
17:05:12.0092 0x10b0  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:05:12.0218 0x10b0  IKEEXT - ok
17:05:12.0274 0x10b0  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\drivers\Impcd.sys
17:05:12.0334 0x10b0  Impcd - ok
17:05:12.0474 0x10b0  [ 718A4008EE5DA174400396B27509EF82, 01F563AFF8156B3B72FB0ED1F25F6F451157FE0C4C5671072FD62FD1ED7F73AA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:05:12.0564 0x10b0  IntcAzAudAddService - ok
17:05:12.0584 0x10b0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:05:12.0594 0x10b0  intelide - ok
17:05:12.0634 0x10b0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:05:12.0674 0x10b0  intelppm - ok
17:05:12.0704 0x10b0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:05:12.0794 0x10b0  IPBusEnum - ok
17:05:12.0824 0x10b0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:05:12.0874 0x10b0  IpFilterDriver - ok
17:05:12.0914 0x10b0  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:05:13.0024 0x10b0  iphlpsvc - ok
17:05:13.0024 0x10b0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:05:13.0044 0x10b0  IPMIDRV - ok
17:05:13.0054 0x10b0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:05:13.0104 0x10b0  IPNAT - ok
17:05:13.0134 0x10b0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:05:13.0154 0x10b0  IRENUM - ok
17:05:13.0164 0x10b0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:05:13.0174 0x10b0  isapnp - ok
17:05:13.0204 0x10b0  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:05:13.0234 0x10b0  iScsiPrt - ok
17:05:13.0264 0x10b0  [ F415A88162D23977B5EDAE4F0410E903, B86FD88B4285ED96BFDB9430E4DB134AC1B09DBB541929C4D6C1EEAF792D444D ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
17:05:13.0274 0x10b0  IviRegMgr - ok
17:05:13.0334 0x10b0  [ 455B75C19BF3F1F2EE3AC10E1169826C, C8CE6DE48E0B4621F2851A994261FA787556A27F9868A8859E5E8A8354028257 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
17:05:13.0364 0x10b0  k57nd60a - ok
17:05:13.0394 0x10b0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:05:13.0404 0x10b0  kbdclass - ok
17:05:13.0424 0x10b0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:05:13.0454 0x10b0  kbdhid - ok
17:05:13.0464 0x10b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
17:05:13.0474 0x10b0  KeyIso - ok
17:05:13.0514 0x10b0  [ CCD53B5BD33CE0C889E830D839C8B66E, 51B7556DA7DAA0BC75E00E53099776016A55FAA115D5A4E6830E12A0A0869C10 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:05:13.0554 0x10b0  KSecDD - ok
17:05:13.0564 0x10b0  [ 9FF918A261752C12639E8AD4208D2C2F, B60F7A730C92F2BF7E85A6CA14DD7671AEECEE154CEC83B1E23EF268C25C9E5E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:05:13.0584 0x10b0  KSecPkg - ok
17:05:13.0604 0x10b0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:05:13.0664 0x10b0  ksthunk - ok
17:05:13.0704 0x10b0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:05:13.0784 0x10b0  KtmRm - ok
17:05:13.0844 0x10b0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:05:13.0944 0x10b0  LanmanServer - ok
17:05:13.0969 0x10b0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:05:14.0036 0x10b0  LanmanWorkstation - ok
17:05:14.0096 0x10b0  [ B705C7097F9A0EC941D02DCE7C7D426C, 1A137BEA25BF7BA1EF190212CD6E556B53293D6388E9F7E790BF53F641F3CF89 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
17:05:14.0116 0x10b0  Live Updater Service - ok
17:05:14.0146 0x10b0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:05:14.0206 0x10b0  lltdio - ok
17:05:14.0256 0x10b0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:05:14.0326 0x10b0  lltdsvc - ok
17:05:14.0346 0x10b0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:05:14.0396 0x10b0  lmhosts - ok
17:05:14.0486 0x10b0  [ 9D8B95C0EAE145C46BC4A727B23DA395, AC95291AEF6B6CA79BFF4CB48184FF251FF814EDACCE1467F5C860EE2C92D30A ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:05:14.0516 0x10b0  LMS - ok
17:05:14.0566 0x10b0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:05:14.0586 0x10b0  LSI_FC - ok
17:05:14.0596 0x10b0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:05:14.0616 0x10b0  LSI_SAS - ok
17:05:14.0626 0x10b0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:05:14.0636 0x10b0  LSI_SAS2 - ok
17:05:14.0646 0x10b0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:05:14.0666 0x10b0  LSI_SCSI - ok
17:05:14.0686 0x10b0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:05:14.0756 0x10b0  luafv - ok
17:05:14.0776 0x10b0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:05:14.0816 0x10b0  Mcx2Svc - ok
17:05:14.0826 0x10b0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:05:14.0846 0x10b0  megasas - ok
17:05:14.0888 0x10b0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:05:14.0918 0x10b0  MegaSR - ok
17:05:14.0938 0x10b0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
17:05:14.0993 0x10b0  MMCSS - ok
17:05:14.0999 0x10b0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
17:05:15.0060 0x10b0  Modem - ok
17:05:15.0092 0x10b0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:05:15.0122 0x10b0  monitor - ok
17:05:15.0132 0x10b0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
17:05:15.0152 0x10b0  mouclass - ok
17:05:15.0162 0x10b0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
17:05:15.0197 0x10b0  mouhid - ok
17:05:15.0219 0x10b0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:05:15.0234 0x10b0  mountmgr - ok
17:05:15.0244 0x10b0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:05:15.0264 0x10b0  mpio - ok
17:05:15.0294 0x10b0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:05:15.0345 0x10b0  mpsdrv - ok
17:05:15.0396 0x10b0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:05:15.0506 0x10b0  MpsSvc - ok
17:05:15.0516 0x10b0  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:05:15.0556 0x10b0  MRxDAV - ok
17:05:15.0556 0x10b0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:05:15.0596 0x10b0  mrxsmb - ok
17:05:15.0606 0x10b0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:05:15.0636 0x10b0  mrxsmb10 - ok
17:05:15.0646 0x10b0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:05:15.0666 0x10b0  mrxsmb20 - ok
17:05:15.0676 0x10b0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:05:15.0696 0x10b0  msahci - ok
17:05:15.0696 0x10b0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:05:15.0726 0x10b0  msdsm - ok
17:05:15.0746 0x10b0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
17:05:15.0776 0x10b0  MSDTC - ok
17:05:15.0796 0x10b0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:05:15.0836 0x10b0  Msfs - ok
17:05:15.0866 0x10b0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:05:15.0926 0x10b0  mshidkmdf - ok
17:05:15.0936 0x10b0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:05:15.0946 0x10b0  msisadrv - ok
17:05:15.0986 0x10b0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:05:16.0056 0x10b0  MSiSCSI - ok
17:05:16.0056 0x10b0  msiserver - ok
17:05:16.0076 0x10b0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:05:16.0136 0x10b0  MSKSSRV - ok
17:05:16.0146 0x10b0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:05:16.0216 0x10b0  MSPCLOCK - ok
17:05:16.0226 0x10b0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:05:16.0276 0x10b0  MSPQM - ok
17:05:16.0306 0x10b0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:05:16.0346 0x10b0  MsRPC - ok
17:05:16.0366 0x10b0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:05:16.0376 0x10b0  mssmbios - ok
17:05:16.0386 0x10b0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:05:16.0446 0x10b0  MSTEE - ok
17:05:16.0469 0x10b0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:05:16.0488 0x10b0  MTConfig - ok
17:05:16.0498 0x10b0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
17:05:16.0518 0x10b0  Mup - ok
17:05:16.0554 0x10b0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:05:16.0620 0x10b0  napagent - ok
17:05:16.0682 0x10b0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:05:16.0742 0x10b0  NativeWifiP - ok
17:05:16.0792 0x10b0  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:05:16.0842 0x10b0  NDIS - ok
17:05:16.0872 0x10b0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:05:16.0912 0x10b0  NdisCap - ok
17:05:16.0954 0x10b0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:05:17.0004 0x10b0  NdisTapi - ok
17:05:17.0034 0x10b0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:05:17.0094 0x10b0  Ndisuio - ok
17:05:17.0104 0x10b0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:05:17.0174 0x10b0  NdisWan - ok
17:05:17.0194 0x10b0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:05:17.0234 0x10b0  NDProxy - ok
17:05:17.0254 0x10b0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:05:17.0314 0x10b0  NetBIOS - ok
17:05:17.0324 0x10b0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:05:17.0374 0x10b0  NetBT - ok
17:05:17.0394 0x10b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
17:05:17.0414 0x10b0  Netlogon - ok
17:05:17.0444 0x10b0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
17:05:17.0514 0x10b0  Netman - ok
17:05:17.0544 0x10b0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
17:05:17.0614 0x10b0  netprofm - ok
17:05:17.0644 0x10b0  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:05:17.0664 0x10b0  NetTcpPortSharing - ok
17:05:17.0694 0x10b0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:05:17.0714 0x10b0  nfrd960 - ok
17:05:17.0744 0x10b0  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:05:17.0834 0x10b0  NlaSvc - ok
17:05:18.0004 0x10b0  [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
17:05:18.0134 0x10b0  NOBU - ok
17:05:18.0164 0x10b0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:05:18.0204 0x10b0  Npfs - ok
17:05:18.0234 0x10b0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
17:05:18.0294 0x10b0  nsi - ok
17:05:18.0314 0x10b0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:05:18.0374 0x10b0  nsiproxy - ok
17:05:18.0454 0x10b0  [ A2F74975097F52A00745F9637451FDD8, C681DDBD3382C477C2A030E828B5CFB529CB57C7847BD9AFF25E2A5E58B2DAF3 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:05:18.0574 0x10b0  Ntfs - ok
17:05:18.0674 0x10b0  [ 1873214666F6F0A883742DF91FBC48C9, DCF5382CE338D4B5B0C3A3B722A19B6C7BAB59EB7B266FEF04698B79070E2C4B ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
17:05:18.0704 0x10b0  NTI IScheduleSvc - ok
17:05:18.0754 0x10b0  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
17:05:18.0764 0x10b0  NTIDrvr - ok
17:05:18.0774 0x10b0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
17:05:18.0824 0x10b0  Null - ok
17:05:18.0844 0x10b0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:05:18.0864 0x10b0  nvraid - ok
17:05:18.0874 0x10b0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:05:18.0894 0x10b0  nvstor - ok
17:05:18.0914 0x10b0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:05:18.0934 0x10b0  nv_agp - ok
17:05:18.0944 0x10b0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:05:18.0984 0x10b0  ohci1394 - ok
17:05:19.0014 0x10b0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:05:19.0074 0x10b0  p2pimsvc - ok
17:05:19.0104 0x10b0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
17:05:19.0144 0x10b0  p2psvc - ok
17:05:19.0154 0x10b0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
17:05:19.0174 0x10b0  Parport - ok
17:05:19.0194 0x10b0  [ 871EADAC56B0A4C6512BBE32753CCF79, F9FD9DBA55274BB72B897550988DCDFD0F2D9367BE641DFDE07D240052DDC180 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:05:19.0214 0x10b0  partmgr - ok
17:05:19.0234 0x10b0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:05:19.0274 0x10b0  PcaSvc - ok
17:05:19.0294 0x10b0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
17:05:19.0324 0x10b0  pci - ok
17:05:19.0344 0x10b0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:05:19.0354 0x10b0  pciide - ok
17:05:19.0374 0x10b0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:05:19.0394 0x10b0  pcmcia - ok
17:05:19.0424 0x10b0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:05:19.0434 0x10b0  pcw - ok
17:05:19.0474 0x10b0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:05:19.0574 0x10b0  PEAUTH - ok
17:05:19.0654 0x10b0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:05:19.0704 0x10b0  PerfHost - ok
17:05:19.0774 0x10b0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
17:05:19.0954 0x10b0  pla - ok
17:05:20.0024 0x10b0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:05:20.0114 0x10b0  PlugPlay - ok
17:05:20.0134 0x10b0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:05:20.0164 0x10b0  PNRPAutoReg - ok
17:05:20.0184 0x10b0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:05:20.0214 0x10b0  PNRPsvc - ok
17:05:20.0254 0x10b0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:05:20.0324 0x10b0  PolicyAgent - ok
17:05:20.0334 0x10b0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
17:05:20.0394 0x10b0  Power - ok
17:05:20.0434 0x10b0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:05:20.0504 0x10b0  PptpMiniport - ok
17:05:20.0514 0x10b0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
17:05:20.0554 0x10b0  Processor - ok
17:05:20.0584 0x10b0  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll
17:05:20.0654 0x10b0  ProfSvc - ok
17:05:20.0674 0x10b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:05:20.0694 0x10b0  ProtectedStorage - ok
17:05:20.0714 0x10b0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:05:20.0774 0x10b0  Psched - ok
17:05:20.0804 0x10b0  [ F036CFB275D0C55F4E45FBBF5F98B3C8, D8D1CA9F65B34A93AB9F7FD9BB6C453B2BF4E8320E620F56055B743DF1D56DE8 ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:05:20.0824 0x10b0  PSI_SVC_2 - ok
17:05:20.0894 0x10b0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:05:21.0024 0x10b0  ql2300 - ok
17:05:21.0044 0x10b0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:05:21.0064 0x10b0  ql40xx - ok
17:05:21.0104 0x10b0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
17:05:21.0144 0x10b0  QWAVE - ok
17:05:21.0154 0x10b0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:05:21.0194 0x10b0  QWAVEdrv - ok
17:05:21.0214 0x10b0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:05:21.0274 0x10b0  RasAcd - ok
17:05:21.0294 0x10b0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:05:21.0344 0x10b0  RasAgileVpn - ok
17:05:21.0354 0x10b0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
17:05:21.0424 0x10b0  RasAuto - ok
17:05:21.0444 0x10b0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:05:21.0514 0x10b0  Rasl2tp - ok
17:05:21.0534 0x10b0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
17:05:21.0624 0x10b0  RasMan - ok
17:05:21.0624 0x10b0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:05:21.0684 0x10b0  RasPppoe - ok
17:05:21.0704 0x10b0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:05:21.0774 0x10b0  RasSstp - ok
17:05:21.0784 0x10b0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:05:21.0844 0x10b0  rdbss - ok
17:05:21.0864 0x10b0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:05:21.0894 0x10b0  rdpbus - ok
17:05:21.0914 0x10b0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:05:21.0954 0x10b0  RDPCDD - ok
17:05:21.0994 0x10b0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:05:22.0054 0x10b0  RDPENCDD - ok
17:05:22.0074 0x10b0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:05:22.0114 0x10b0  RDPREFMP - ok
17:05:22.0144 0x10b0  [ 15B66C206B5CB095BAB980553F38ED23, 3CA50786A8D3D6BAF145AFD22C1ED92C2EB39F5D6AF4F6B09B69610FDE0C5B24 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:05:22.0204 0x10b0  RDPWD - ok
17:05:22.0234 0x10b0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:05:22.0264 0x10b0  rdyboost - ok
17:05:22.0304 0x10b0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:05:22.0364 0x10b0  RemoteAccess - ok
17:05:22.0384 0x10b0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:05:22.0464 0x10b0  RemoteRegistry - ok
17:05:22.0484 0x10b0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:05:22.0544 0x10b0  RpcEptMapper - ok
17:05:22.0564 0x10b0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
17:05:22.0594 0x10b0  RpcLocator - ok
17:05:22.0624 0x10b0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
17:05:22.0684 0x10b0  RpcSs - ok
17:05:22.0724 0x10b0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:05:22.0794 0x10b0  rspndr - ok
17:05:22.0834 0x10b0  [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
17:05:22.0844 0x10b0  RSUSBSTOR - ok
17:05:22.0894 0x10b0  [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A, A6810A901620119E1809297A568DC903729471F4F4F813F1C60378E122D2358E ] RS_Service      C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
17:05:22.0914 0x10b0  RS_Service - ok
17:05:22.0934 0x10b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
17:05:22.0944 0x10b0  SamSs - ok
17:05:22.0964 0x10b0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:05:22.0984 0x10b0  sbp2port - ok
17:05:23.0014 0x10b0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:05:23.0064 0x10b0  SCardSvr - ok
17:05:23.0084 0x10b0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:05:23.0144 0x10b0  scfilter - ok
17:05:23.0194 0x10b0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
17:05:23.0314 0x10b0  Schedule - ok
17:05:23.0354 0x10b0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:05:23.0394 0x10b0  SCPolicySvc - ok
17:05:23.0420 0x10b0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:05:23.0456 0x10b0  SDRSVC - ok
17:05:23.0486 0x10b0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:05:23.0546 0x10b0  secdrv - ok
17:05:23.0556 0x10b0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
17:05:23.0606 0x10b0  seclogon - ok
17:05:23.0616 0x10b0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
17:05:23.0676 0x10b0  SENS - ok
17:05:23.0676 0x10b0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:05:23.0726 0x10b0  SensrSvc - ok
17:05:23.0736 0x10b0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:05:23.0766 0x10b0  Serenum - ok
17:05:23.0776 0x10b0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
17:05:23.0816 0x10b0  Serial - ok
17:05:23.0826 0x10b0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:05:23.0846 0x10b0  sermouse - ok
17:05:23.0876 0x10b0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
17:05:23.0946 0x10b0  SessionEnv - ok
17:05:23.0946 0x10b0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:05:23.0976 0x10b0  sffdisk - ok
17:05:23.0976 0x10b0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:05:24.0006 0x10b0  sffp_mmc - ok
17:05:24.0006 0x10b0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:05:24.0036 0x10b0  sffp_sd - ok
17:05:24.0046 0x10b0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:05:24.0056 0x10b0  sfloppy - ok
17:05:24.0086 0x10b0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:05:24.0166 0x10b0  SharedAccess - ok
17:05:24.0196 0x10b0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:05:24.0276 0x10b0  ShellHWDetection - ok
17:05:24.0276 0x10b0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:05:24.0296 0x10b0  SiSRaid2 - ok
17:05:24.0296 0x10b0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:05:24.0316 0x10b0  SiSRaid4 - ok
17:05:24.0326 0x10b0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:05:24.0386 0x10b0  Smb - ok
17:05:24.0428 0x10b0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:05:24.0448 0x10b0  SNMPTRAP - ok
17:05:24.0468 0x10b0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:05:24.0478 0x10b0  spldr - ok
17:05:24.0508 0x10b0  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
17:05:24.0578 0x10b0  Spooler - ok
17:05:24.0738 0x10b0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:05:24.0948 0x10b0  sppsvc - ok
17:05:24.0968 0x10b0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:05:25.0028 0x10b0  sppuinotify - ok
17:05:25.0048 0x10b0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:05:25.0108 0x10b0  srv - ok
17:05:25.0138 0x10b0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:05:25.0188 0x10b0  srv2 - ok
17:05:25.0218 0x10b0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:05:25.0238 0x10b0  srvnet - ok
17:05:25.0258 0x10b0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:05:25.0328 0x10b0  SSDPSRV - ok
17:05:25.0328 0x10b0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:05:25.0378 0x10b0  SstpSvc - ok
17:05:25.0400 0x10b0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:05:25.0417 0x10b0  stexstor - ok
17:05:25.0460 0x10b0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
17:05:25.0543 0x10b0  stisvc - ok
17:05:25.0562 0x10b0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:05:25.0582 0x10b0  swenum - ok
17:05:25.0612 0x10b0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
17:05:25.0722 0x10b0  swprv - ok
17:05:25.0804 0x10b0  [ BBA2EA927EC5CC5DEF5F1BF2B125C0F7, 73DDBE70B854D2DADAEB80732517B8C06776DA5D6C803A46D251AD3F8C6A9780 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:05:25.0865 0x10b0  SynTP - ok
17:05:25.0946 0x10b0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
17:05:26.0060 0x10b0  SysMain - ok
17:05:26.0070 0x10b0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:05:26.0100 0x10b0  TabletInputService - ok
17:05:26.0110 0x10b0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:05:26.0180 0x10b0  TapiSrv - ok
17:05:26.0190 0x10b0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
17:05:26.0250 0x10b0  TBS - ok
17:05:26.0382 0x10b0  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:05:26.0522 0x10b0  Tcpip - ok
17:05:26.0632 0x10b0  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:05:26.0705 0x10b0  TCPIP6 - ok
17:05:26.0772 0x10b0  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:05:26.0845 0x10b0  tcpipreg - ok
17:05:26.0864 0x10b0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:05:26.0945 0x10b0  TDPIPE - ok
17:05:26.0950 0x10b0  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:05:26.0998 0x10b0  TDTCP - ok
17:05:27.0033 0x10b0  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:05:27.0093 0x10b0  tdx - ok
17:05:27.0113 0x10b0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:05:27.0130 0x10b0  TermDD - ok
17:05:27.0180 0x10b0  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
17:05:27.0294 0x10b0  TermService - ok
17:05:27.0312 0x10b0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
17:05:27.0342 0x10b0  Themes - ok
17:05:27.0352 0x10b0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
17:05:27.0402 0x10b0  THREADORDER - ok
17:05:27.0412 0x10b0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
17:05:27.0472 0x10b0  TrkWks - ok
17:05:27.0522 0x10b0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:05:27.0582 0x10b0  TrustedInstaller - ok
17:05:27.0602 0x10b0  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:05:27.0675 0x10b0  tssecsrv - ok
17:05:27.0734 0x10b0  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:05:27.0784 0x10b0  TsUsbFlt - ok
17:05:27.0784 0x10b0  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:05:27.0824 0x10b0  TsUsbGD - ok
17:05:27.0854 0x10b0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:05:27.0924 0x10b0  tunnel - ok
17:05:27.0924 0x10b0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:05:27.0944 0x10b0  uagp35 - ok
17:05:28.0034 0x10b0  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
17:05:28.0044 0x10b0  UBHelper - ok
17:05:28.0074 0x10b0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:05:28.0174 0x10b0  udfs - ok
17:05:28.0244 0x10b0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:05:28.0284 0x10b0  UI0Detect - ok
17:05:28.0326 0x10b0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:05:28.0336 0x10b0  uliagpkx - ok
17:05:28.0386 0x10b0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:05:28.0416 0x10b0  umbus - ok
17:05:28.0466 0x10b0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:05:28.0496 0x10b0  UmPass - ok
17:05:28.0646 0x10b0  [ 0B0B9F55B12767A755932C26B5FED715, B9DEA81177410F1829D140EBF77BCD7396BC5B48373E3533798F98B7195A57EC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:05:28.0811 0x10b0  UNS - ok
17:05:28.0908 0x10b0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
17:05:29.0050 0x10b0  upnphost - ok
17:05:29.0112 0x10b0  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:05:29.0142 0x10b0  usbccgp - ok
17:05:29.0172 0x10b0  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:05:29.0202 0x10b0  usbcir - ok
17:05:29.0232 0x10b0  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:05:29.0262 0x10b0  usbehci - ok
17:05:29.0322 0x10b0  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\drivers\usbhub.sys
17:05:29.0372 0x10b0  usbhub - ok
17:05:29.0382 0x10b0  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:05:29.0412 0x10b0  usbohci - ok
17:05:29.0442 0x10b0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:05:29.0482 0x10b0  usbprint - ok
17:05:29.0494 0x10b0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:05:29.0544 0x10b0  USBSTOR - ok
17:05:29.0554 0x10b0  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:05:29.0584 0x10b0  usbuhci - ok
17:05:29.0614 0x10b0  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:05:29.0706 0x10b0  usbvideo - ok
17:05:29.0726 0x10b0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
17:05:29.0796 0x10b0  UxSms - ok
17:05:29.0833 0x10b0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
17:05:29.0848 0x10b0  VaultSvc - ok
17:05:29.0878 0x10b0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:05:29.0898 0x10b0  vdrvroot - ok
17:05:29.0968 0x10b0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
17:05:30.0100 0x10b0  vds - ok
17:05:30.0132 0x10b0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:05:30.0162 0x10b0  vga - ok
17:05:30.0172 0x10b0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:05:30.0232 0x10b0  VgaSave - ok
17:05:30.0242 0x10b0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:05:30.0272 0x10b0  vhdmp - ok
17:05:30.0272 0x10b0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:05:30.0292 0x10b0  viaide - ok
17:05:30.0322 0x10b0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:05:30.0357 0x10b0  volmgr - ok
17:05:30.0404 0x10b0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:05:30.0434 0x10b0  volmgrx - ok
17:05:30.0444 0x10b0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:05:30.0485 0x10b0  volsnap - ok
17:05:30.0498 0x10b0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:05:30.0529 0x10b0  vsmraid - ok
17:05:30.0646 0x10b0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
17:05:30.0936 0x10b0  VSS - ok
17:05:30.0978 0x10b0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:05:31.0008 0x10b0  vwifibus - ok
17:05:31.0028 0x10b0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:05:31.0068 0x10b0  vwififlt - ok
17:05:31.0108 0x10b0  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:05:31.0128 0x10b0  vwifimp - ok
17:05:31.0208 0x10b0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
17:05:31.0348 0x10b0  W32Time - ok
17:05:31.0388 0x10b0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:05:31.0418 0x10b0  WacomPen - ok
17:05:31.0458 0x10b0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:05:31.0508 0x10b0  WANARP - ok
17:05:31.0518 0x10b0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:05:31.0558 0x10b0  Wanarpv6 - ok
17:05:31.0630 0x10b0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
17:05:31.0802 0x10b0  wbengine - ok
17:05:31.0822 0x10b0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:05:31.0862 0x10b0  WbioSrvc - ok
17:05:31.0892 0x10b0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:05:31.0962 0x10b0  wcncsvc - ok
17:05:31.0982 0x10b0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:05:32.0022 0x10b0  WcsPlugInService - ok
17:05:32.0052 0x10b0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
17:05:32.0072 0x10b0  Wd - ok
17:05:32.0112 0x10b0  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:05:32.0162 0x10b0  Wdf01000 - ok
17:05:32.0192 0x10b0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:05:32.0302 0x10b0  WdiServiceHost - ok
17:05:32.0302 0x10b0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:05:32.0332 0x10b0  WdiSystemHost - ok
17:05:32.0352 0x10b0  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
17:05:32.0412 0x10b0  WebClient - ok
17:05:32.0442 0x10b0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:05:32.0512 0x10b0  Wecsvc - ok
17:05:32.0532 0x10b0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:05:32.0582 0x10b0  wercplsupport - ok
17:05:32.0602 0x10b0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:05:32.0652 0x10b0  WerSvc - ok
17:05:32.0694 0x10b0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:05:32.0734 0x10b0  WfpLwf - ok
17:05:32.0774 0x10b0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:05:32.0804 0x10b0  WIMMount - ok
17:05:32.0884 0x10b0  WinDefend - ok
17:05:32.0934 0x10b0  WinHttpAutoProxySvc - ok
17:05:32.0994 0x10b0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:05:33.0074 0x10b0  Winmgmt - ok
17:05:33.0204 0x10b0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:05:33.0416 0x10b0  WinRM - ok
17:05:33.0486 0x10b0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:05:33.0536 0x10b0  WinUsb - ok
17:05:33.0606 0x10b0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:05:33.0716 0x10b0  Wlansvc - ok
17:05:33.0798 0x10b0  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:05:33.0818 0x10b0  wlcrasvc - ok
17:05:33.0933 0x10b0  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:05:34.0127 0x10b0  wlidsvc - ok
17:05:34.0162 0x10b0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:05:34.0182 0x10b0  WmiAcpi - ok
17:05:34.0217 0x10b0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:05:34.0254 0x10b0  wmiApSrv - ok
17:05:34.0284 0x10b0  WMPNetworkSvc - ok
17:05:34.0324 0x10b0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:05:34.0354 0x10b0  WPCSvc - ok
17:05:34.0374 0x10b0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:05:34.0394 0x10b0  WPDBusEnum - ok
17:05:34.0431 0x10b0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:05:34.0488 0x10b0  ws2ifsl - ok
17:05:34.0506 0x10b0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
17:05:34.0536 0x10b0  wscsvc - ok
17:05:34.0546 0x10b0  WSearch - ok
17:05:34.0656 0x10b0  [ 9DF12EDBC698B0BC353B3EF84861E430, 5777972DC6242096EE2D4DAEEFC822DE9077560322DED7B9696BB23B7C240403 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:05:34.0836 0x10b0  wuauserv - ok
17:05:34.0866 0x10b0  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:05:34.0926 0x10b0  WudfPf - ok
17:05:34.0946 0x10b0  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:05:35.0016 0x10b0  WUDFRd - ok
17:05:35.0026 0x10b0  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:05:35.0076 0x10b0  wudfsvc - ok
17:05:35.0116 0x10b0  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:05:35.0156 0x10b0  WwanSvc - ok
17:05:35.0176 0x10b0  ================ Scan global ===============================
17:05:35.0206 0x10b0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:05:35.0266 0x10b0  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
17:05:35.0296 0x10b0  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
17:05:35.0326 0x10b0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:05:35.0376 0x10b0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:05:35.0386 0x10b0  [ Global ] - ok
17:05:35.0396 0x10b0  ================ Scan MBR ==================================
17:05:35.0406 0x10b0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:05:35.0866 0x10b0  \Device\Harddisk0\DR0 - ok
17:05:35.0876 0x10b0  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
17:05:36.0056 0x10b0  \Device\Harddisk1\DR1 - ok
17:05:36.0056 0x10b0  ================ Scan VBR ==================================
17:05:36.0056 0x10b0  [ 73728C49258A6DE7F3CB6FE0272E7438 ] \Device\Harddisk0\DR0\Partition1
17:05:36.0066 0x10b0  \Device\Harddisk0\DR0\Partition1 - ok
17:05:36.0066 0x10b0  [ 4B1A979FEF8360D39B35D12493250C03 ] \Device\Harddisk0\DR0\Partition2
17:05:36.0066 0x10b0  \Device\Harddisk0\DR0\Partition2 - ok
17:05:36.0076 0x10b0  [ AA27792AB8B2427540AAA942D1007B4E ] \Device\Harddisk1\DR1\Partition1
17:05:36.0076 0x10b0  \Device\Harddisk1\DR1\Partition1 - ok
17:05:36.0076 0x10b0  ================ Scan generic autorun ======================
17:05:36.0136 0x10b0  [ BA9E8BF3E91C14DE99FDB1FA946D07AF, 9C3F5F52EE5B8D02B15EE18AA492FB110547A8DCDA3F8284A614F4E1A30F9BB1 ] C:\Windows\system32\igfxtray.exe
17:05:36.0176 0x10b0  IgfxTray - ok
17:05:36.0216 0x10b0  [ B20857C91A3E992A5AC93D8625C53CAE, ECB89856B267E2F4930CB7B404B51425C6375A47F864577C1A7B8B255278EC12 ] C:\Windows\system32\hkcmd.exe
17:05:36.0246 0x10b0  HotKeysCmds - ok
17:05:36.0266 0x10b0  [ 29E120E36791B2E620CC398847C28E12, 7C2904FEDD50F49447FD091D33BB3BFA5A2A684101ADB123BC2C08699320B912 ] C:\Windows\system32\igfxpers.exe
17:05:36.0296 0x10b0  Persistence - ok
17:05:36.0296 0x10b0  SynTPEnh - ok
17:05:36.0772 0x10b0  [ 023FAC742820932580B68DB91E0D7B6A, 9B2AF05CBA9BB153A2EE959BA9911A93E9C75CFDF8E040D8E3D86CB9BD505091 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:05:37.0510 0x10b0  RTHDVCPL - ok
17:05:37.0644 0x10b0  [ 13F8A10F1CD89DB7778C56A60C1B4919, 723CA875D01C391493BD660F35DBA4A0F9D9C54C19A2DF9AA89957A42BC83076 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
17:05:37.0753 0x10b0  Power Management - ok
17:05:37.0878 0x10b0  [ 2B726C063889EBD34E8BFEAFFC89564C, 77621D8F97AE4FED49F160FE9F8BB2A1FE581A30C41581F09073C1E91D41C8AD ] C:\Program Files (x86)\Launch Manager\LManager.exe
17:05:37.0948 0x10b0  LManager - ok
17:05:38.0038 0x10b0  [ 61941D4566C3B09F377E0E1A97BD0D9A, 5A1A8CC97E10F95D38DDA4AFDE592ACC84728DAAEE46E72319EC813E514106F7 ] C:\Anwendungen\Avira\AntiVir Desktop\avgnt.exe
17:05:38.0068 0x10b0  avgnt - ok
17:05:38.0148 0x10b0  [ 4AC6587E639CD5EAB5B657E7C1FBE680, 30FED733DA956D57016AB6570851E9B8A1C7711D0741EF14B792E3ECEB5AD035 ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
17:05:38.0178 0x10b0  FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
17:05:40.0568 0x10b0  Detect skipped due to KSN trusted
17:05:40.0568 0x10b0  FreePDF Assistant - ok
17:05:40.0698 0x10b0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:05:40.0928 0x10b0  Sidebar - ok
17:05:40.0988 0x10b0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:05:41.0078 0x10b0  mctadmin - ok
17:05:41.0118 0x10b0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:05:41.0168 0x10b0  Sidebar - ok
17:05:41.0178 0x10b0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:05:41.0198 0x10b0  mctadmin - ok
17:05:41.0198 0x10b0  Waiting for KSN requests completion. In queue: 70
17:05:42.0198 0x10b0  Waiting for KSN requests completion. In queue: 70
17:05:43.0198 0x10b0  Waiting for KSN requests completion. In queue: 70
17:05:44.0398 0x10b0  AV detected via SS2: AntiVir Desktop, C:\Anwendungen\Avira\AntiVir Desktop\wsctool.exe ( 10.0.0.0 ), 0x41010 ( enabled : outofdate )
17:05:44.0448 0x10b0  Win FW state via NFP2: enabled
17:05:46.0908 0x10b0  ============================================================
17:05:46.0908 0x10b0  Scan finished
17:05:46.0908 0x10b0  ============================================================
17:05:46.0918 0x0c8c  Detected object count: 0
17:05:46.0918 0x0c8c  Actual detected object count: 0
17:06:07.0210 0x1300  Deinitialize success
         
Gruß,
Espelkamper

Alt 03.01.2015, 18:01   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 träge und ständig neue Maleware - Standard

Windows 7 träge und ständig neue Maleware



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.01.2015, 18:28   #11
Espelkamper
 
Windows 7 träge und ständig neue Maleware - Standard

Scan mit Combofix



Hallo Schrauber,
gut, Combofix hat auch gleich geloadet und loadet nicht mehr.
Der Scan läuft jetzt gerade.
Gruß,
Espelkamper

Alt 03.01.2015, 20:15   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 träge und ständig neue Maleware - Standard

Windows 7 träge und ständig neue Maleware



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.01.2015, 21:15   #13
Espelkamper
 
Windows 7 träge und ständig neue Maleware - Standard

Combofix.log



Hallo Schrauber,
das Scannen hat ein wenig länger gedauert, weil ich zweimal scannen mußte.
Nach dem ersten Durchlauf konnte ich Avira nicht wieder aktivieren und nach dem Neustart war die Datei log.txt nicht auffindbar.
Das Scannen an sich verlief problemlos und ohne Fehlermeldungen, allerdings sind die dafür veranschlagten 10 Minuten leicht untertrieben.

Hier nun die Log.txt:
Code:
ATTFilter
ComboFix 15-01-02.01 - Travel Mate 03.01.2015  19:02:54.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3764.2406 [GMT 1:00]
ausgeführt von:: c:\users\Travel Mate\Desktop\AV\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-03 bis 2015-01-03  ))))))))))))))))))))))))))))))
.
.
2015-01-03 18:11 . 2015-01-03 18:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-02 17:41 . 2015-01-02 17:43	--------	d-----w-	C:\FRST
2014-12-31 23:51 . 2014-12-31 23:51	--------	d-sh--w-	c:\users\Travel Mate\AppData\Local\EmieUserList
2014-12-31 23:51 . 2014-12-31 23:51	--------	d-sh--w-	c:\users\Travel Mate\AppData\Local\EmieSiteList
2014-12-31 23:51 . 2014-12-31 23:51	--------	d-sh--w-	c:\users\Travel Mate\AppData\Local\EmieBrowserModeList
2014-12-31 16:36 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2014-12-31 16:25 . 2014-12-31 16:25	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-12-31 16:25 . 2014-12-31 16:25	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-12-31 16:14 . 2014-12-31 16:14	878080	----a-w-	c:\windows\system32\advapi32.dll
2014-12-31 16:13 . 2014-12-31 16:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2014-12-31 16:10 . 2014-12-31 16:10	1887232	----a-w-	c:\windows\system32\d3d11.dll
2014-12-31 16:10 . 2014-12-31 16:10	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2014-12-15 17:48 . 2015-01-03 17:51	--------	d--h--w-	c:\programdata\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-31 16:14 . 2014-12-31 16:14	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808]
"avgnt"="c:\anwendungen\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
"NoDiskSpaceChecks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\anwendungen\Avira\AntiVir Desktop\sched.exe;c:\anwendungen\Avira\AntiVir Desktop\sched.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-20 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-20 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-03  19:13:28
ComboFix-quarantined-files.txt  2015-01-03 18:13
ComboFix2.txt  2015-01-03 17:45
.
Vor Suchlauf: 43 Verzeichnis(se), 67.923.795.968 Bytes frei
Nach Suchlauf: 44 Verzeichnis(se), 67.853.959.168 Bytes frei
.
- - End Of File - - 2E84355F3B7DF483E97CC061F4A53AF6
         
Gruß und angenehme Nachtruhe,
Espelkamper

Alt 04.01.2015, 11:01   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 träge und ständig neue Maleware - Standard

Windows 7 träge und ständig neue Maleware



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.01.2015, 06:06   #15
Espelkamper
 
Windows 7 träge und ständig neue Maleware - Standard

Log-Dateien



Hallo Schrauber,
habe die beschriebenen Programme durchlaufen lassen, braucht bei der Menge etwas länger.
Was mir übrigens noch aufgefallen war und auch für den heutigen Tag wieder der Fall ist, ist, daß im Internet Explorer unter Verlauf diverse Server auftauchen, die ich nicht aufgerufen habe.
Hier also nun die Log-Dateien.

MABM.txt vom 5.1.15
(Während des Scans wurden zwei Einträge in Quarantäne verschoben, "neth.dll" und ein langer Sermon {..}. Allerdings steht in dieser jüngsten von drei Dateien nichts dazu.)
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Scan, 05.01.2015 00:11:21, SYSTEM, ACERTM, Manual, Start: % 1 "% 2", Dauer: % 1 min 36 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 0-Malwareerkennung, 

(end)
         


AdwCleaner[S0].txt vom 5.1.15
Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 05/01/2015 um 05:13:48
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Travel Mate - ACERTM
# Gestartet von : C:\Users\Travel Mate\Desktop\AV\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


*************************

AdwCleaner[R0].txt - [962 octets] - [05/01/2015 05:10:21]
AdwCleaner[S0].txt - [834 octets] - [05/01/2015 05:13:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [893 octets] ##########
         

JRT.txt vom 5.1.15
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Travel Mate on 05.01.2015 at  5:24:29,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.01.2015 at  5:27:16,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

5.1.15

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Travel Mate (administrator) on ACERTM on 05-01-2015 05:47:23
Running from C:\Users\Travel Mate\Desktop\AV
Loaded Profile: Travel Mate (Available profiles: Travel Mate)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira GmbH) C:\Anwendungen\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1097808 2011-04-19] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Anwendungen\Avira\AntiVir Desktop\avgnt.exe [281768 2010-08-02] (Avira GmbH)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\...\Policies\Explorer: [NoDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3003312382-2928224955-3310159703-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Anwendungen\VLC\npvlc.dll (VideoLAN)
FF StartMenuInternet: FIREFOX.EXE - C:\Anwendungen\Firefox\firefox.exe

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Anwendungen\Avira\AntiVir Desktop\sched.exe [135336 2010-08-02] (Avira GmbH)
R2 AntiVirService; C:\Anwendungen\Avira\AntiVir Desktop\avguard.exe [267944 2010-08-02] (Avira GmbH)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [81584 2010-08-02] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [116568 2010-08-02] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 05:27 - 2015-01-05 05:27 - 00000631 _____ () C:\Users\Travel Mate\Desktop\JRT.txt
2015-01-05 05:24 - 2015-01-05 05:24 - 00000000 ____D () C:\Windows\ERUNT
2015-01-05 05:10 - 2015-01-05 05:13 - 00000000 ____D () C:\AdwCleaner
2015-01-04 23:25 - 2015-01-05 05:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 23:23 - 2015-01-04 23:23 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-04 23:23 - 2015-01-04 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-04 23:23 - 2015-01-04 23:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 23:23 - 2015-01-04 23:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-04 23:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-04 23:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-04 23:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-03 19:13 - 2015-01-03 19:13 - 00010539 _____ () C:\ComboFix.txt
2015-01-03 18:18 - 2015-01-03 19:13 - 00000000 ____D () C:\Qoobox
2015-01-03 18:18 - 2015-01-03 18:44 - 00000000 ____D () C:\Windows\erdnt
2015-01-03 18:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-03 18:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-03 18:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-03 18:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-03 18:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-03 18:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-03 18:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-03 18:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-03 17:03 - 2015-01-03 17:03 - 00000000 ____D () C:\Users\Travel Mate\Downloads\tdsskiller
2015-01-03 17:02 - 2015-01-03 17:02 - 04166770 _____ () C:\Users\Travel Mate\Downloads\tdsskiller.zip
2015-01-03 16:50 - 2015-01-03 16:50 - 02213976 _____ (Kaspersky Lab ZAO) C:\Users\Travel Mate\Downloads\tdsskiller.exe
2015-01-03 13:27 - 2015-01-03 13:27 - 419291031 _____ () C:\Windows\MEMORY.DMP
2015-01-03 13:27 - 2015-01-03 13:27 - 00442624 _____ () C:\Windows\Minidump\010315-28048-01.dmp
2015-01-03 13:27 - 2015-01-03 13:27 - 00000000 ____D () C:\Windows\Minidump
2015-01-02 19:18 - 2015-01-02 19:18 - 00000000 _____ () C:\Users\Travel Mate\defogger_reenable
2015-01-02 18:41 - 2015-01-05 05:47 - 00000000 ____D () C:\FRST
2015-01-02 18:23 - 2015-01-05 05:47 - 00000000 ____D () C:\Users\Travel Mate\Desktop\AV
2015-01-02 11:38 - 2015-01-02 11:38 - 00131551 _____ () C:\Users\Travel Mate\Documents\Avira_AntiVir_Rescue_System_12_2014.htm
2015-01-02 11:38 - 2015-01-02 11:38 - 00000000 ____D () C:\Users\Travel Mate\Documents\Avira_AntiVir_Rescue_System_12_2014-Dateien
2015-01-02 11:37 - 2015-01-02 12:08 - 647282688 _____ () C:\Users\Travel Mate\Downloads\rescue-12system.iso
2015-01-02 11:35 - 2015-01-02 12:04 - 154051656 _____ () C:\Users\Travel Mate\Downloads\avira_free_antivirus468_de.exe
2015-01-02 11:34 - 2015-01-02 11:34 - 00138414 _____ () C:\Users\Travel Mate\Documents\Avira-AntiVir-Rescue-System_30971022.htm
2015-01-02 11:32 - 2015-01-02 11:34 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Travel Mate\Downloads\avira_de_av___ws.exe
2015-01-01 13:20 - 2015-01-01 13:20 - 05490752 _____ (Secunia) C:\Users\Travel Mate\Downloads\PSISetup10004.exe
2015-01-01 13:19 - 2015-01-01 13:19 - 00022106 _____ () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI_30_Build_10004.htm
2015-01-01 13:19 - 2015-01-01 13:19 - 00000000 ____D () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI_30_Build_10004-Dateien
2015-01-01 13:15 - 2015-01-01 13:15 - 00051683 _____ () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI.htm
2015-01-01 13:15 - 2015-01-01 13:15 - 00000000 ____D () C:\Users\Travel Mate\Documents\Secunia_Personal_Software_Inspector_PSI-Dateien
2015-01-01 13:14 - 2015-01-01 13:14 - 00709564 _____ () C:\Users\Travel Mate\Downloads\delfix_10.8.exe
2015-01-01 13:13 - 2015-01-01 13:13 - 00021265 _____ () C:\Users\Travel Mate\Documents\DELFIX.HTM
2015-01-01 13:13 - 2015-01-01 13:13 - 00000000 ____D () C:\Users\Travel Mate\Documents\DELFIX-Dateien
2015-01-01 13:11 - 2015-01-01 13:12 - 04134156 _____ () C:\Users\Travel Mate\Downloads\zoek.zip
2015-01-01 13:11 - 2015-01-01 13:11 - 04134156 _____ () C:\Users\Travel Mate\Documents\zoek.zip
2015-01-01 13:11 - 2015-01-01 13:11 - 00003594 _____ () C:\Users\Travel Mate\Documents\ZOEK.HTM
2015-01-01 13:11 - 2015-01-01 13:11 - 00000000 ____D () C:\Users\Travel Mate\Documents\ZOEK-Dateien
2015-01-01 13:07 - 2015-01-03 18:14 - 05605575 _____ (Swearware) C:\Users\Travel Mate\Downloads\ComboFix.exe
2015-01-01 13:07 - 2015-01-01 13:08 - 05604036 _____ (Swearware) C:\Users\Travel Mate\Downloads\ComboFix_.exe
2015-01-01 13:07 - 2015-01-01 13:07 - 00448512 _____ (OldTimer Tools) C:\Users\Travel Mate\Downloads\TFC.exe
2015-01-01 13:06 - 2015-01-01 13:06 - 00018203 _____ () C:\Users\Travel Mate\Documents\Temp_File_Cleaner_htm.htm
2015-01-01 13:06 - 2015-01-01 13:06 - 00000000 ____D () C:\Users\Travel Mate\Documents\Temp_File_Cleaner_htm-Dateien
2015-01-01 13:05 - 2015-01-01 13:05 - 00050343 _____ () C:\Users\Travel Mate\Documents\Anleitung_Malwarebytes_Anti-Malware.htm
2015-01-01 13:05 - 2015-01-01 13:05 - 00000000 ____D () C:\Users\Travel Mate\Documents\Anleitung_Malwarebytes_Anti-Malware-Dateien
2015-01-01 13:04 - 2015-01-01 13:05 - 01707939 _____ (Thisisu) C:\Users\Travel Mate\Downloads\JRT.exe
2015-01-01 13:03 - 2015-01-01 13:03 - 00019613 _____ () C:\Users\Travel Mate\Documents\Junkware_Removal_Tool.htm
2015-01-01 13:03 - 2015-01-01 13:03 - 00000000 ____D () C:\Users\Travel Mate\Documents\Junkware_Removal_Tool-Dateien
2015-01-01 13:02 - 2015-01-01 13:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Travel Mate\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-01 13:01 - 2015-01-01 13:01 - 00021468 _____ () C:\Users\Travel Mate\Documents\Malwarebytes_Anti-Malware.htm
2015-01-01 13:01 - 2015-01-01 13:01 - 00000000 ____D () C:\Users\Travel Mate\Documents\Malwarebytes_Anti-Malware-Dateien
2015-01-01 13:00 - 2015-01-01 13:00 - 02173952 _____ () C:\Users\Travel Mate\Downloads\AdwCleaner_4.106.exe
2015-01-01 12:59 - 2015-01-01 12:59 - 00019908 _____ () C:\Users\Travel Mate\Documents\AdwCleaner.htm
2015-01-01 12:59 - 2015-01-01 12:59 - 00000000 ____D () C:\Users\Travel Mate\Documents\AdwCleaner-Dateien
2015-01-01 12:57 - 2015-01-01 12:57 - 00017259 _____ () C:\Users\Travel Mate\Documents\GMER.HTM
2015-01-01 12:57 - 2015-01-01 12:57 - 00000000 ____D () C:\Users\Travel Mate\Documents\GMER-Dateien
2015-01-01 12:56 - 2015-01-01 12:56 - 02123264 _____ (Farbar) C:\Users\Travel Mate\Downloads\FRST64.exe
2015-01-01 12:56 - 2015-01-01 12:56 - 00380416 _____ () C:\Users\Travel Mate\Downloads\8tccbsdg.exe
2015-01-01 12:55 - 2015-01-01 12:56 - 01114624 _____ (Farbar) C:\Users\Travel Mate\Downloads\FRST.exe
2015-01-01 12:54 - 2015-01-01 12:54 - 00018850 _____ () C:\Users\Travel Mate\Documents\Farbar_Recovery_Scan_Tool_FRST.htm
2015-01-01 12:54 - 2015-01-01 12:54 - 00000000 ____D () C:\Users\Travel Mate\Documents\Farbar_Recovery_Scan_Tool_FRST-Dateien
2015-01-01 12:53 - 2015-01-01 12:53 - 00050477 _____ () C:\Users\Travel Mate\Downloads\Defogger.exe
2015-01-01 12:52 - 2015-01-01 12:52 - 00017443 _____ () C:\Users\Travel Mate\Documents\DEFOGGER.HTM
2015-01-01 12:52 - 2015-01-01 12:52 - 00000000 ____D () C:\Users\Travel Mate\Documents\DEFOGGER-Dateien
2015-01-01 12:21 - 2015-01-01 12:21 - 00045782 _____ () C:\Users\Travel Mate\Documents\Trojaner-Board_de_Logfiles_posten.htm
2015-01-01 12:21 - 2015-01-01 12:21 - 00000000 ____D () C:\Users\Travel Mate\Documents\Trojaner-Board_de_Logfiles_posten-Dateien
2015-01-01 12:06 - 2015-01-01 12:06 - 00000000 ____D () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_2-Dateien
2015-01-01 12:05 - 2015-01-01 12:06 - 00156252 _____ () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_2.htm
2015-01-01 12:05 - 2015-01-01 12:05 - 00331514 _____ () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_1.htm
2015-01-01 12:05 - 2015-01-01 12:05 - 00331322 _____ () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12.htm
2015-01-01 12:05 - 2015-01-01 12:05 - 00000000 ____D () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12-Dateien
2015-01-01 12:05 - 2015-01-01 12:05 - 00000000 ____D () C:\Users\Travel Mate\Documents\Windows_XP_TR_Vawtrak_A_284_und_TR_Matsnu_J_12_1-Dateien
2015-01-01 12:03 - 2015-01-01 12:03 - 00058658 _____ () C:\Users\Travel Mate\Documents\Anleitung_fuer_Hilfesuchende_bei_Trojaner-_und_Virenbefall.htm
2015-01-01 12:03 - 2015-01-01 12:03 - 00000000 ____D () C:\Users\Travel Mate\Documents\Anleitung_fuer_Hilfesuchende_bei_Trojaner-_und_Virenbefall-Dateien
2015-01-01 11:33 - 2015-01-01 11:33 - 00000227 _____ () C:\Users\Travel Mate\AVIRA.TXT
2015-01-01 00:51 - 2015-01-01 00:51 - 00000000 __SHD () C:\Users\Travel Mate\AppData\Local\EmieUserList
2015-01-01 00:51 - 2015-01-01 00:51 - 00000000 __SHD () C:\Users\Travel Mate\AppData\Local\EmieSiteList
2015-01-01 00:51 - 2015-01-01 00:51 - 00000000 __SHD () C:\Users\Travel Mate\AppData\Local\EmieBrowserModeList
2015-01-01 00:46 - 2015-01-01 00:46 - 00025508 _____ () C:\Users\Travel Mate\Documents\HKCU_Ycgau.reg
2015-01-01 00:45 - 2015-01-01 00:45 - 00025500 _____ () C:\Users\Travel Mate\Documents\HKCU_Evyv.reg
2015-01-01 00:45 - 2015-01-01 00:45 - 00025322 _____ () C:\Users\Travel Mate\Documents\HKCUÖXuhek.reg
2015-01-01 00:44 - 2015-01-01 00:44 - 00025508 _____ () C:\Users\Travel Mate\Documents\HKCU_Daypo.reg
2015-01-01 00:44 - 2015-01-01 00:44 - 00025370 _____ () C:\Users\Travel Mate\Documents\HKCU_Edpo.reg
2015-01-01 00:40 - 2015-01-01 00:40 - 00000432 _____ () C:\Users\Travel Mate\Documents\HKCU_Run_141231.reg
2014-12-31 17:36 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-12-31 17:25 - 2014-12-31 17:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-31 17:25 - 2014-12-31 17:25 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-31 17:24 - 2014-12-31 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-31 17:24 - 2014-12-31 17:24 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-31 17:24 - 2014-12-31 17:24 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-31 17:24 - 2014-12-31 17:24 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-31 17:24 - 2014-12-31 17:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-31 17:24 - 2014-12-31 17:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-31 17:24 - 2014-12-31 17:24 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-31 17:24 - 2014-12-31 17:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-31 17:24 - 2014-12-31 17:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-31 17:24 - 2014-12-31 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-31 17:24 - 2014-12-31 17:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-31 17:24 - 2014-12-31 17:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-31 17:14 - 2014-12-31 17:14 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-31 17:14 - 2014-12-31 17:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-12-31 17:14 - 2014-12-31 17:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-12-31 17:14 - 2014-12-31 17:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-12-31 17:14 - 2014-12-31 17:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-12-31 17:14 - 2014-12-31 17:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-12-31 17:13 - 2014-12-31 17:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-12-31 17:12 - 2014-12-31 17:12 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-12-31 17:12 - 2014-12-31 17:12 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-12-31 17:10 - 2014-12-31 17:10 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-12-31 17:10 - 2014-12-31 17:10 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-12-29 15:28 - 2014-12-29 15:28 - 00082397 _____ () C:\Users\Travel Mate\Documents\Gericom_Phantom_16680_121519813587_30_50_Euro.htm
2014-12-29 15:28 - 2014-12-29 15:28 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Phantom_16680_121519813587_30_50_Euro-Dateien
2014-12-29 10:28 - 2014-12-29 10:28 - 00000436 _____ () C:\Users\Travel Mate\Documents\HKCU_Run_141229.reg
2014-12-25 20:28 - 2014-12-25 20:28 - 00203951 _____ () C:\Users\Travel Mate\Documents\Laura_Scott_Spitzenkleid_tuerkis.htm
2014-12-25 20:28 - 2014-12-25 20:28 - 00000000 ____D () C:\Users\Travel Mate\Documents\Laura_Scott_Spitzenkleid_tuerkis-Dateien
2014-12-25 13:39 - 2014-12-25 13:39 - 00000432 _____ () C:\Users\Travel Mate\Documents\runagain.reg
2014-12-25 11:51 - 2014-12-25 11:51 - 00000432 _____ () C:\Users\Travel Mate\Documents\HKCU_Run_141225.reg
2014-12-24 08:29 - 2014-12-24 08:29 - 00056272 _____ () C:\Users\Travel Mate\Documents\art2725,983587.htm
2014-12-24 08:27 - 2014-12-24 08:27 - 00023541 _____ () C:\Users\Travel Mate\Documents\_*Schwarzwaldradio*_.htm
2014-12-24 08:27 - 2014-12-24 08:27 - 00000000 ____D () C:\Users\Travel Mate\Documents\_*Schwarzwaldradio*_-Dateien
2014-12-24 08:00 - 2014-12-24 08:00 - 00000000 ____D () C:\Users\Travel Mate\Documents\Creative_Labs_neue_Zen_Style_Modelle-Dateien
2014-12-24 07:59 - 2014-12-24 08:00 - 00021099 _____ () C:\Users\Travel Mate\Documents\Creative_Labs_neue_Zen_Style_Modelle.htm
2014-12-24 07:56 - 2014-12-24 07:56 - 00061777 _____ () C:\Users\Travel Mate\Documents\Creative_Labs_Zen_Style_100_Videos_umwandeln.htm
2014-12-24 07:56 - 2014-12-24 07:56 - 00000000 ____D () C:\Users\Travel Mate\Documents\Creative_Labs_Zen_Style_100_Videos_umwandeln-Dateien
2014-12-22 22:57 - 2014-12-22 22:57 - 00001159 _____ () C:\Users\Travel Mate\Desktop\AppData - Verknüpfung.lnk
2014-12-22 22:37 - 2014-12-22 22:37 - 00000434 _____ () C:\Users\Travel Mate\Documents\Roaming.reg
2014-12-21 22:51 - 2014-12-21 22:51 - 00073985 _____ () C:\Users\Travel Mate\Documents\Gericom_Hummer_2430e_XL_331400144916.htm
2014-12-21 22:51 - 2014-12-21 22:51 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Hummer_2430e_XL_331400144916-Dateien
2014-12-21 22:19 - 2014-12-21 22:19 - 00092531 _____ () C:\Users\Travel Mate\Documents\Gericom_Blockbuster_Excellent_7000_1780_259IA2_331395379352.htm
2014-12-21 21:47 - 2014-12-21 21:47 - 00096734 _____ () C:\Users\Travel Mate\Documents\Gericom_Blockbuster_Radeon_MSW_NB251S5_151501184773.htm
2014-12-21 21:11 - 2014-12-21 21:11 - 00100095 _____ () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1330e_G557_321607047670.htm
2014-12-21 21:11 - 2014-12-21 21:11 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1330e_G557_321607047670-Dateien
2014-12-21 20:58 - 2014-12-21 20:58 - 00094714 _____ () C:\Users\Travel Mate\Documents\Gericom_Webgine_XL_Per4mance_S_2030_N356S1_141500030300.htm
2014-12-21 20:32 - 2014-12-21 20:32 - 00096743 _____ () C:\Users\Travel Mate\Documents\HP_Pavilion_ZV_5000_181599928144.htm
2014-12-21 20:32 - 2014-12-21 20:32 - 00000000 ____D () C:\Users\Travel Mate\Documents\HP_Pavilion_ZV_5000_181599928144-Dateien
2014-12-21 20:06 - 2014-12-21 20:07 - 00093252 _____ () C:\Users\Travel Mate\Documents\3_Stueck_Dell_Latitude_D620-D630_defekt_291325840383_114_Euro.htm
2014-12-21 20:06 - 2014-12-21 20:06 - 01699012 _____ () C:\Users\Travel Mate\Documents\XXXX 3_Stück_Dell_Latitude_D620-D630_defekt_291325840383_114_Euro.htm
2014-12-21 20:04 - 2014-12-21 20:04 - 00092498 _____ () C:\Users\Travel Mate\Documents\Medion_MD97400_231405188709.htm
2014-12-21 20:04 - 2014-12-21 20:04 - 00000000 ____D () C:\Users\Travel Mate\Documents\Medion_MD97400_231405188709-Dateien
2014-12-21 19:43 - 2014-12-21 19:43 - 00098434 _____ () C:\Users\Travel Mate\Documents\Samsung_SyncMaster_T200_161502083770.htm
2014-12-21 19:43 - 2014-12-21 19:43 - 00000000 ____D () C:\Users\Travel Mate\Documents\Samsung_SyncMaster_T200_161502083770-Dateien
2014-12-21 19:25 - 2014-12-21 19:25 - 00088275 _____ () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1730e_181600258752.htm
2014-12-21 19:25 - 2014-12-21 19:25 - 00000000 ____D () C:\Users\Travel Mate\Documents\Gericom_Bellagio_1730e_181600258752-Dateien
2014-12-21 18:54 - 2014-12-21 18:54 - 00097706 _____ () C:\Users\Travel Mate\Documents\3_Speicherriegel_DIMM_2x512MB_1x1GB_161489607538.htm
2014-12-21 18:46 - 2014-12-21 18:46 - 00153316 _____ () C:\Users\Travel Mate\Documents\Hitachi_Ultrastar_HUA722050CLA330_500GB_291167355468.htm
2014-12-21 18:46 - 2014-12-21 18:46 - 00153316 _____ () C:\Users\Travel Mate\Documents\Hitachi_Deskstar_HUA722050CLA330_500GB_291167355468.htm
2014-12-21 17:34 - 2014-12-21 17:34 - 00000890 _____ () C:\Users\Travel Mate\Desktop\Downloads - Verknüpfung.lnk
2014-12-21 17:33 - 2014-12-21 17:33 - 00007667 _____ () C:\Users\Travel Mate\Desktop\141003 - Verknüpfung.lnk
2014-12-20 13:19 - 2014-12-20 13:20 - 00087604 _____ () C:\Users\Travel Mate\Documents\Dell Latitude D630_201241823587_147.htm
2014-12-20 10:26 - 2014-12-20 10:26 - 00000786 _____ () C:\Windows\KB2936068.log
2014-12-20 07:36 - 2014-12-20 07:37 - 00005314 _____ () C:\Windows\IE10_main.log
2014-12-20 07:30 - 2014-12-31 17:36 - 00024988 _____ () C:\Windows\IE11_main.log
2014-12-20 07:30 - 2014-12-20 07:37 - 00000134 _____ () C:\Users\Travel Mate\Desktop\Internet Explorer-Problembehebung.url
2014-12-15 22:26 - 2014-12-15 22:26 - 00099288 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_261700909380_30_50.htm
2014-12-15 21:33 - 2014-12-15 21:33 - 00105122 _____ () C:\Users\Travel Mate\Desktop\Gericom_Bellagio_1720e_IPC_7521P_MIM2210_121498523874.htm
2014-12-15 20:02 - 2014-12-15 20:02 - 00096860 _____ () C:\Users\Travel Mate\Documents\Acer_Aspire_5315_ICL50_171557016246.htm
2014-12-15 19:39 - 2014-12-15 19:39 - 00102933 _____ () C:\Users\Travel Mate\Documents\Hitachi_Deskstar_HDS725050KLA360_500GB_221614269222.htm
2014-12-15 19:07 - 2014-12-15 19:07 - 00097716 _____ () C:\Users\Travel Mate\Desktop\Colorful_Nvidia_GeForce_9400_GT_512MB_4719331346072.html
2014-12-15 18:48 - 2015-01-05 05:04 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2014-12-15 15:51 - 2014-12-15 16:04 - 92789928 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Travel Mate\Downloads\ashampoo_burning_studio_2014_12.0.5_15376.exe
2014-12-15 15:50 - 2014-12-15 15:50 - 00142275 _____ () C:\Users\Travel Mate\Downloads\Ashampoo_Burning_Studio_2014.htm
2014-12-15 15:50 - 2014-12-15 15:50 - 00000000 ____D () C:\Users\Travel Mate\Downloads\Ashampoo_Burning_Studio_2014-Dateien
2014-12-15 12:42 - 2014-12-15 12:42 - 00035393 _____ () C:\Users\Travel Mate\Downloads\Ausserplanmaessiges_Sicherheitsupdate_MS14-021_fuer_den_Internet_Explorer_6_7_8_9_10_und_11_ist_online.htm
2014-12-15 12:20 - 2014-12-15 12:21 - 11054840 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\WindowsServer2003.WindowsXP-KB2936068-x64-DEU.exe
2014-12-15 12:19 - 2014-12-15 12:20 - 09661680 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE8-WindowsXP-KB2936068-x86-ENU.exe
2014-12-15 12:18 - 2014-12-15 12:20 - 20434168 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE7-WindowsServer2003.WindowsXP-KB2936068-x64-ENU.exe
2014-12-15 12:15 - 2014-12-15 12:15 - 08673520 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE7-WindowsXP-KB2936068-x86-ENU.exe
2014-12-15 12:14 - 2014-12-15 12:15 - 22947064 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE8-WindowsServer2003.WindowsXP-KB2936068-x64-ENU.exe
2014-12-15 12:11 - 2014-12-15 12:12 - 09669360 _____ (Microsoft Corporation) C:\Users\Travel Mate\Downloads\IE8-WindowsXP-KB2936068-x86-DEU.exe
2014-12-15 12:06 - 2014-12-15 12:06 - 00057152 _____ () C:\Users\Travel Mate\Downloads\Lutz_Donnerhacke_de_comp_security_firewall_FAQ.htm
2014-12-15 12:03 - 2014-12-15 12:03 - 00195967 _____ () C:\Users\Travel Mate\Downloads\Microsoft_Security_Bulletin_MS14-018_Kritisch.htm
2014-12-15 11:45 - 2014-12-15 11:45 - 00083482 _____ () C:\Users\Travel Mate\Documents\Gericom_Hummer_Advance_2560_XL_201206591377_29_25.htm
2014-12-15 11:42 - 2014-12-15 11:42 - 00111868 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_181575633384_33_53.htm
2014-12-15 11:40 - 2014-12-15 11:40 - 00097254 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_Series_321570817498_32_50.htm
2014-12-15 11:09 - 2014-12-15 11:09 - 00109452 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_171520444830_25_50.htm
2014-12-15 11:06 - 2014-12-15 11:06 - 00098058 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_281484637517_16.htm
2014-12-15 10:50 - 2014-12-15 10:50 - 00114772 _____ () C:\Users\Travel Mate\Documents\Gericom_Hummer_26640_XL_161467504073_30_60.htm
2014-12-15 10:39 - 2014-12-15 10:39 - 00109479 _____ () C:\Users\Travel Mate\Documents\Dell_Latitude_D630_161469685234_40_50.htm
2014-12-06 20:24 - 2014-12-06 20:24 - 00030035 _____ () C:\Users\Travel Mate\Downloads\mkbt20.zip
2014-12-06 20:23 - 2014-12-06 20:24 - 00045817 _____ () C:\Users\Travel Mate\Downloads\MKBT20.HTM
2014-12-06 20:23 - 2014-12-06 20:24 - 00000000 ____D () C:\Users\Travel Mate\Downloads\MKBT20-Dateien
2014-12-06 20:18 - 2014-12-06 20:18 - 00000000 ____D () C:\Users\Travel Mate\Downloads\How_to_use_ISO_Recorder-Dateien
2014-12-06 20:17 - 2014-12-06 20:18 - 00003576 _____ () C:\Users\Travel Mate\Downloads\How_to_use_ISO_Recorder.htm
2014-12-06 18:31 - 2014-12-06 18:31 - 00086920 _____ () C:\Users\Travel Mate\Downloads\Easy2Boot_list_of_tested_payload_files.htm
2014-12-06 18:31 - 2014-12-06 18:31 - 00073116 _____ () C:\Users\Travel Mate\Downloads\Live-Systeme_als_ISOs_vom_Stick_booten.htm
2014-12-06 18:31 - 2014-12-06 18:31 - 00000000 ____D () C:\Users\Travel Mate\Downloads\Live-Systeme_als_ISOs_vom_Stick_booten-Dateien
2014-12-06 18:31 - 2014-12-06 18:31 - 00000000 ____D () C:\Users\Travel Mate\Downloads\Easy2Boot_list_of_tested_payload_files-Dateien
2014-12-06 18:30 - 2014-12-06 18:30 - 07015164 _____ () C:\Users\Travel Mate\Downloads\MPI_Tool_Pack_Plus_CloverLite_040.zip
2014-12-06 15:40 - 2014-12-06 15:40 - 00008930 _____ () C:\Users\Travel Mate\Downloads\smime.p7s

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 05:46 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 05:46 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 05:42 - 2012-04-26 11:44 - 00984255 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 05:39 - 2013-10-03 17:24 - 00000000 ____D () C:\Users\Travel Mate\AppData\Local\FreePDF_XP
2015-01-05 05:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 05:38 - 2009-07-14 05:51 - 00054041 _____ () C:\Windows\setupact.log
2015-01-05 05:14 - 2010-11-21 04:47 - 00017770 _____ () C:\Windows\PFRO.log
2015-01-05 05:04 - 2010-11-21 08:16 - 00000000 ____D () C:\Windows\ShellNew
2015-01-03 19:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-02 19:18 - 2012-12-12 11:36 - 00000000 ____D () C:\Users\Travel Mate
2015-01-02 15:55 - 2012-04-26 21:32 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2015-01-02 15:55 - 2012-04-26 21:32 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2015-01-02 15:55 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 12:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-31 17:42 - 2012-12-12 11:39 - 00001417 _____ () C:\Users\Travel Mate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-31 17:40 - 2009-07-14 05:45 - 00318296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-31 17:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-12-31 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-12-25 11:12 - 2013-02-07 17:15 - 00001210 _____ () C:\Users\Travel Mate\Desktop\Multidecoder.lnk
2014-12-22 22:36 - 2013-08-26 09:31 - 00000000 ____D () C:\CARS
2014-12-21 23:11 - 2013-05-12 17:32 - 00000000 ____D () C:\Users\Travel Mate\AppData\Local\Deployment
2014-12-15 19:59 - 2014-11-23 17:04 - 00010760 _____ () C:\Users\Travel Mate\diverses.txt
2014-12-09 08:28 - 2013-02-12 04:50 - 00000000 ____D () C:\Users\Travel Mate\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\Travel Mate\AppData\Local\Temp\Quarantine.exe
C:\Users\Travel Mate\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 12:16

==================== End Of Log ============================
         
--- --- ---



Gruß,
Espelkamper

Geändert von Espelkamper (05.01.2015 um 06:17 Uhr) Grund: unbekannte Server unter "Verlauf"

Antwort

Themen zu Windows 7 träge und ständig neue Maleware
analyse, antivir, avira, avira antivir, bitdefender, c't desinfec't 2014, code, dateien, defender, einträge, entfernt, erstellt, explorer.exe, festplatte, hallo zusammen, home, internet-explorer, log, maleware, malware, namen, neth.dll, neue, platte, trojaner, unbekannte, windows, windows 7




Ähnliche Themen: Windows 7 träge und ständig neue Maleware


  1. Firefox lädt ständig - ununterbrochen neu/Werbung/neue Tabs/neue Fenster
    Log-Analyse und Auswertung - 28.10.2015 (11)
  2. windows 7 neu, IE träge
    Log-Analyse und Auswertung - 04.10.2015 (2)
  3. windows ist jetzt sehr träge
    Alles rund um Windows - 23.09.2015 (4)
  4. Maleware,Trojaner und sich ständig minimierende programme
    Plagegeister aller Art und deren Bekämpfung - 28.07.2015 (13)
  5. Windows 7: Ständig neue Werbeanzeigen sowie neue Fenster öffnen sich in Chrome
    Plagegeister aller Art und deren Bekämpfung - 12.03.2015 (15)
  6. Windows 7: Ständig neue Werbeanzeigen sowie neue Fenster öffnen sich in Chrome.
    Plagegeister aller Art und deren Bekämpfung - 13.01.2015 (10)
  7. Es kommt ständig Werbung und es werden ständig neue Seiten
    Log-Analyse und Auswertung - 31.10.2014 (15)
  8. windows 7 es öffnen sich ständig neue fenster rechner ist sehr langsam, ist auch schon mit blue screen abgestürtzt
    Log-Analyse und Auswertung - 09.09.2014 (1)
  9. Windows Installer und ständig Werbund und Pop Ups, neue Fenster im Browser
    Plagegeister aller Art und deren Bekämpfung - 27.07.2014 (13)
  10. Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf
    Log-Analyse und Auswertung - 06.07.2014 (24)
  11. Es kommt ständig Werbung und es werden ständig neue Seiten geöffnet
    Plagegeister aller Art und deren Bekämpfung - 29.06.2014 (16)
  12. Windows 8 / Mozilla Firefox : Ständig öffnen sich neue Fenster und Tabs mit Werbung und Warnhinweisen
    Log-Analyse und Auswertung - 28.05.2014 (7)
  13. Windows 7: Computer fühlt sich träge an
    Log-Analyse und Auswertung - 20.01.2014 (7)
  14. Windows 7 32bit: Hohe Prozessorauslastung / System träge
    Plagegeister aller Art und deren Bekämpfung - 29.06.2011 (19)
  15. ständig neue "neue" viren TR/Dropper.Gen;TR/Crypt.XPACK.Gen;TR/Crypt.PEPM.Gen;BDS/Backdoor.Gen2...
    Plagegeister aller Art und deren Bekämpfung - 03.12.2010 (2)
  16. Laptop sehr träge, 89 Prozesse, hängt sich ständig auf
    Plagegeister aller Art und deren Bekämpfung - 08.01.2010 (1)
  17. seltsame windows-sicherheitswarnung und ständig neue fenster
    Log-Analyse und Auswertung - 02.06.2008 (1)

Zum Thema Windows 7 träge und ständig neue Maleware - Hallo zusammen, also mein Acer-Notebook mit Windows 7 Home Premium SP1 x64 mit Internet-Explorer 9 bzw. 11 läuft in letzter Zeit sehr träge und im Roaming-Ordner finden sich ständig neue - Windows 7 träge und ständig neue Maleware...

Alle Zeitangaben in WEZ +1. Es ist jetzt 15:15 Uhr.


Copyright ©2000-2024, Trojaner-Board
Archiv
Du betrachtest: Windows 7 träge und ständig neue Maleware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.