
Log analysis and evaluation: Windows 8 - Audio advertising in the background!


26.01.2015, 15:23   #1
FV1993
 



Hello!!

For the past two days, advertising audio clips have kept playing in the background every now and then; they last about 20 seconds and then disappear again. In addition, windows keep popping up briefly and then vanish again immediately. They have no content; it just looks for a moment as if something were opening, the laptop is busy, but then nothing actually happens.

I have already uninstalled and deleted some unwanted programs with Revo Uninstaller (names like QuickDeaaaal and similar), but the problem persists. Can anyone help me?

Kind regards.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Friederike Volkmann at 2015-01-26 15:08:23
Running from C:\Users\Rike Volkmann\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Ihr Firmenname)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\WINDOWS\system32\igfxEM.exe" No File
CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

09-01-2015 18:52:34 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 12:54:12 Windows Update
25-01-2015 15:48:22 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
25-01-2015 15:48:22 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BB470E8-A6A7-4F76-88DB-50264437D833} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2D3F9691-403B-48F7-AF7A-E24AD50A1996} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {470B5DF2-1AE6-4959-9F79-56AAEBA293A3} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {48E675D8-EC88-4413-8EA8-9FE090588C81} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {4A4A753D-DC9C-45DE-A6CA-73D50169FF8F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {51BEC15D-43AC-45BD-B955-221F1F2DC980} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9AFFCCB4-E19A-4EDF-845D-64BE8BD6DD50} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {A708129B-BE01-4E48-BB61-9DE88562B6D0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {A7C93678-CBAE-4AEB-BE43-C8AC66BDD86C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {BB130F91-88B8-47DA-8491-D9F9874B6628} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {BB2D4F5D-A0F2-4610-8D71-79BB5C82C549} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {EFBC7B51-4683-43B0-86C8-4215E739E0EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-09-25 11:04 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-10-29 20:36 - 2012-04-25 03:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-08-23 13:06 - 2014-08-23 13:06 - 00709120 _____ () C:\Program Files\005\vulsrsebjh64.exe
2015-01-25 15:31 - 2015-01-25 15:31 - 01169920 _____ () c:\windows\temp\db24.exe
2015-01-09 18:52 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2012-08-01 01:10 - 2012-08-01 01:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-08-01 01:05 - 2012-08-01 01:05 - 00020992 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-06 00:12 - 2012-10-06 00:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2015-01-26 15:05 - 2015-01-26 15:05 - 00050477 _____ () C:\Users\Rike Volkmann\Downloads\Defogger.exe
2012-10-29 20:34 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 17:34 - 2012-06-08 17:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-26 11:18 - 2015-01-26 11:18 - 00043008 _____ () c:\Users\Rike Volkmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyvqmkj.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-01-25 16:44 - 2015-01-21 04:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-25 16:44 - 2015-01-21 04:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-25 16:44 - 2015-01-21 04:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
2015-01-09 18:52 - 2015-01-19 17:22 - 51542184 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-09 18:52 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-09 18:52 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-09 18:52 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-09 18:52 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Rike Volkmann\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3189138124-3710648530-2942340369-500 - Administrator - Disabled)
Friederike Volkmann (S-1-5-21-3189138124-3710648530-2942340369-1001 - Administrator - Enabled) => C:\Users\Rike Volkmann
Gast (S-1-5-21-3189138124-3710648530-2942340369-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3189138124-3710648530-2942340369-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2015 11:39:06 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/26/2015 11:36:09 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Rikes-Laptop)
Description: Die Anwendung oder der Dienst "Apple Mobile Device" konnte nicht neu gestartet werden.

Error: (01/26/2015 11:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0x1698
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Vollständiger Name des fehlerhaften Pakets: compatibilitycheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: compatibilitycheck.exe5

Error: (01/25/2015 11:00:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0x464
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Vollständiger Name des fehlerhaften Pakets: compatibilitycheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: compatibilitycheck.exe5

Error: (01/25/2015 10:24:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0x1554
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Vollständiger Name des fehlerhaften Pakets: compatibilitycheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: compatibilitycheck.exe5

Error: (01/25/2015 10:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0xa2c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Vollständiger Name des fehlerhaften Pakets: compatibilitycheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: compatibilitycheck.exe5

Error: (01/25/2015 10:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0xfa8
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Vollständiger Name des fehlerhaften Pakets: compatibilitycheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: compatibilitycheck.exe5

Error: (01/25/2015 09:58:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0x6cc
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Vollständiger Name des fehlerhaften Pakets: compatibilitycheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: compatibilitycheck.exe5

Error: (01/25/2015 09:54:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0x874
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Vollständiger Name des fehlerhaften Pakets: compatibilitycheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: compatibilitycheck.exe5

Error: (01/25/2015 09:28:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0xaac
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Vollständiger Name des fehlerhaften Pakets: compatibilitycheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: compatibilitycheck.exe5


System errors:
=============
Error: (01/26/2015 11:36:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/26/2015 11:36:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (01/26/2015 11:16:32 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{E6FD7EBC-9C00-4639-B029-DD9EE0E92A6E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/25/2015 06:11:31 PM) (Source: DCOM) (EventID: 10010) (User: Rikes-Laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/25/2015 06:10:59 PM) (Source: DCOM) (EventID: 10010) (User: Rikes-Laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/25/2015 04:22:10 PM) (Source: DCOM) (EventID: 10010) (User: Rikes-Laptop)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (01/25/2015 03:48:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/25/2015 03:33:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/25/2015 03:30:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CouponarificService64" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 03:30:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎01.‎2015 um 15:06:51 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (01/26/2015 11:39:06 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/26/2015 11:36:09 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Rikes-Laptop)
Description: 0AppleMobileDeviceService.exeApple Mobile Device03026217815520

Error: (01/26/2015 11:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e169801d039510b03c49fC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exed0f522a8-a544-11e4-bea6-7845c4b78f96

Error: (01/25/2015 11:00:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e46401d038e9ef03d6ffC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe8489b641-a4dd-11e4-bea6-7845c4b78f96

Error: (01/25/2015 10:24:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e155401d038e4edceec7bC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe8b3c7aaf-a4d8-11e4-bea6-7845c4b78f96

Error: (01/25/2015 10:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587ea2c01d038e4374e6076C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe019e4b29-a4d8-11e4-bea6-7845c4b78f96

Error: (01/25/2015 10:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587efa801d038e38123c3f4C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe393b3286-a4d7-11e4-bea6-7845c4b78f96

Error: (01/25/2015 09:58:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e6cc01d038e1576c1923C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exef4637f4d-a4d4-11e4-bea6-7845c4b78f96

Error: (01/25/2015 09:54:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e87401d038e0a0b8739eC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe4d6cb6eb-a4d4-11e4-bea6-7845c4b78f96

Error: (01/25/2015 09:28:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587eaac01d038dd0b47fd27C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeb413b5f8-a4d0-11e4-bea6-7845c4b78f96


CodeIntegrity Errors:
===================================
  Date: 2015-01-26 15:08:13.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 15:08:13.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 15:08:13.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 15:08:13.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 15:07:04.917
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 15:07:04.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 15:07:04.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 15:07:04.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 15:07:02.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 15:07:02.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 58%
Total physical RAM: 3962.51 MB
Available physical RAM: 1639.5 MB
Total Pagefile: 4666.51 MB
Available Pagefile: 2355.58 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.3 GB) (Free:380.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 361FCE16)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: FA6B946E)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Friederike Volkmann (administrator) on RIKES-LAPTOP on 26-01-2015 15:07:17
Running from C:\Users\Rike Volkmann\Downloads
Loaded Profiles: Friederike Volkmann (Available profiles: Friederike Volkmann)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\005\vulsrsebjh64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\Temp\db24.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\Rike Volkmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Rike Volkmann\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-01] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-01] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\...\Run: [Spotify Web Helper] => C:\Users\Rike Volkmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-13] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Rike Volkmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Rike Volkmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001 -> {C60BBC6C-479C-412A-8EC3-E49FD91564AF} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: deaal4me -> {b9d6317b-646f-4e9e-85fd-dcf04ac1d4d0} -> C:\ProgramData\deaal4me\VjTf1AW77z5IuY.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rike Volkmann\AppData\Roaming\Mozilla\Firefox\Profiles\e5w1e129.default-1410297490929
FF Homepage: hxxp://www.ecosia.org/
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3189138124-3710648530-2942340369-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Adblock Plus - C:\Users\Rike Volkmann\AppData\Roaming\Mozilla\Firefox\Profiles\e5w1e129.default-1410297490929\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-11-10]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.ecosia.de/"
CHR Profile: C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-25]
CHR Extension: (YouTube) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google-Suche) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Tabellen) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Google Mail) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-08-01] (Qualcomm Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
R4 Verifies and fixes application compatibility issues; C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
R2 vulsrsebjh64; C:\Program Files\005\vulsrsebjh64.exe [709120 2014-08-23] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-23] (Atheros) [File not signed]
S2 CouponarificService64; C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-01] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 15:07 - 2015-01-26 15:07 - 00016840 _____ () C:\Users\Rike Volkmann\Downloads\FRST.txt
2015-01-26 15:07 - 2015-01-26 15:07 - 00000000 ____D () C:\FRST
2015-01-26 15:06 - 2015-01-26 15:07 - 02129920 _____ (Farbar) C:\Users\Rike Volkmann\Downloads\FRST64.exe
2015-01-26 15:06 - 2015-01-26 15:06 - 01120768 _____ (Farbar) C:\Users\Rike Volkmann\Downloads\FRST.exe
2015-01-26 15:05 - 2015-01-26 15:05 - 00050477 _____ () C:\Users\Rike Volkmann\Downloads\Defogger.exe
2015-01-26 15:05 - 2015-01-26 15:05 - 00000500 _____ () C:\Users\Rike Volkmann\Downloads\defogger_disable.log
2015-01-26 15:05 - 2015-01-26 15:05 - 00000000 _____ () C:\Users\Rike Volkmann\defogger_reenable
2015-01-26 11:21 - 2015-01-26 11:21 - 00001286 _____ () C:\Users\Rike Volkmann\Desktop\Revo Uninstaller.lnk
2015-01-26 11:21 - 2015-01-26 11:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-26 11:20 - 2015-01-26 11:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rike Volkmann\Downloads\revosetup95.exe
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-25 16:44 - 2015-01-25 16:44 - 00002273 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 16:44 - 2015-01-25 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-25 16:39 - 2015-01-26 14:44 - 00001162 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 16:39 - 2015-01-26 11:18 - 00001158 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 16:39 - 2015-01-25 16:39 - 00004134 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-25 16:39 - 2015-01-25 16:39 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-25 16:38 - 2015-01-25 16:38 - 00880784 _____ (Google Inc.) C:\Users\Rike Volkmann\Downloads\ChromeSetup.exe
2015-01-25 16:25 - 2015-01-26 14:58 - 00000112 _____ () C:\ProgramData\8fAo0362.dat
2015-01-14 12:38 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:38 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:38 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:38 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 12:38 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 12:38 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:38 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 12:38 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 12:38 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 12:38 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 12:38 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 12:38 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 12:38 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 12:38 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 12:38 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 12:38 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 12:38 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 12:38 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 12:38 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 12:38 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 12:38 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 12:38 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 12:38 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 12:38 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-09 18:52 - 2015-01-26 15:07 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 15:05 - 2014-06-24 13:01 - 00000000 ____D () C:\Users\Rike Volkmann
2015-01-26 15:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-26 14:57 - 2014-06-24 13:12 - 01609208 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-26 14:40 - 2014-03-18 11:03 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-26 14:40 - 2014-03-18 10:25 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-26 14:40 - 2014-03-18 10:25 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-26 11:48 - 2013-01-12 20:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3189138124-3710648530-2942340369-1001
2015-01-26 11:36 - 2013-01-14 11:31 - 00000000 ____D () C:\ProgramData\Apple
2015-01-26 11:33 - 2014-09-22 08:02 - 00000000 ____D () C:\ProgramData\8c1ffd0d0da0099d
2015-01-26 11:18 - 2014-08-11 15:01 - 00000000 ___RD () C:\Users\Rike Volkmann\Dropbox
2015-01-26 11:18 - 2014-08-11 14:42 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Roaming\Dropbox
2015-01-25 23:13 - 2014-01-03 19:21 - 00000000 ____D () C:\Users\Rike Volkmann\Documents\FreundeFamilie
2015-01-25 18:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 16:44 - 2013-01-24 18:11 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Local\Google
2015-01-25 16:44 - 2013-01-24 18:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-25 15:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-25 15:30 - 2014-03-18 02:50 - 00036492 _____ () C:\WINDOWS\PFRO.log
2015-01-25 15:30 - 2013-08-22 15:46 - 00306072 _____ () C:\WINDOWS\setupact.log
2015-01-25 15:30 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-23 22:03 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-21 17:20 - 2013-01-12 20:05 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Local\Packages
2015-01-19 22:32 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 17:15 - 2014-10-15 11:01 - 00000000 ____D () C:\Users\Rike Volkmann\Documents\Bluetooth Folder
2015-01-16 08:45 - 2013-07-29 10:53 - 00000000 ____D () C:\Users\Rike Volkmann\Desktop\Uni
2015-01-14 17:16 - 2013-09-04 09:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 17:09 - 2013-01-14 12:45 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 13:06 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-14 10:44 - 2014-08-11 17:24 - 00275968 ___SH () C:\Users\Rike Volkmann\Downloads\Thumbs.db
2015-01-13 21:01 - 2014-02-17 17:58 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Roaming\Spotify
2015-01-13 15:11 - 2014-02-17 17:58 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Local\Spotify
2014-12-31 12:14 - 2013-01-14 12:45 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-30 15:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-28 16:29 - 2013-01-12 20:06 - 00000000 ____D () C:\ProgramData\Atheros

==================== Files in the root of some directories =======

2014-11-22 22:29 - 2014-12-09 03:02 - 0004163 _____ () C:\Users\Rike Volkmann\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-12-16 19:39 - 2014-01-20 17:50 - 0004608 _____ () C:\Users\Rike Volkmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 16:25 - 2015-01-26 14:58 - 0000112 _____ () C:\ProgramData\8fAo0362.dat
2012-10-29 20:38 - 2012-10-29 20:38 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-29 20:34 - 2012-10-29 20:35 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-29 20:35 - 2012-10-29 20:36 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-10-29 20:33 - 2012-10-29 20:34 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-29 20:36 - 2012-10-29 20:38 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\ProgramData\8fAo0362.dat


Some content of TEMP:
====================
C:\Users\Rike Volkmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyvqmkj.dll
C:\Users\Rike Volkmann\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\nsj8EBF.tmp.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\optprosetup.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 18:10

==================== End Of Log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-26 15:14:16
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002e  rev.A110 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\RIKEVO~1\AppData\Local\Temp\fgldqpob.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Windows Defender\MsMpEng.exe[1980] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                                                                                                                                                                00007ff9abb5169a 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[1980] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                                                                                                                                                                00007ff9abb516a2 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[1980] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                                                                                                                                                                   00007ff9abb5181a 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[1980] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                                                                                                                                                                   00007ff9abb51832 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Dell\QuickSet\quickset.exe[5904] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                  00007ff9abb5169a 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Dell\QuickSet\quickset.exe[5904] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                  00007ff9abb516a2 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Dell\QuickSet\quickset.exe[5904] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                     00007ff9abb5181a 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Dell\QuickSet\quickset.exe[5904] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                     00007ff9abb51832 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[5232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                                                                                                  00007ff988231f6a 4 bytes [23, 88, F9, 7F]
.text    C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[5232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                                                                                                  00007ff988231f82 4 bytes [23, 88, F9, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1056] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                00007ff9abb5169a 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1056] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                00007ff9abb516a2 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1056] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                   00007ff9abb5181a 4 bytes [B5, AB, F9, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1056] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                   00007ff9abb51832 4 bytes [B5, AB, F9, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5848] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                             00007ff9abb5169a 4 bytes [B5, AB, F9, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5848] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                             00007ff9abb516a2 4 bytes [B5, AB, F9, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5848] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                00007ff9abb5181a 4 bytes [B5, AB, F9, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5848] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                00007ff9abb51832 4 bytes [B5, AB, F9, 7F]
.text    C:\Windows\System32\igfxpers.exe[5368] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                             00007ff9abb5169a 4 bytes [B5, AB, F9, 7F]
.text    C:\Windows\System32\igfxpers.exe[5368] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                             00007ff9abb516a2 4 bytes [B5, AB, F9, 7F]
.text    C:\Windows\System32\igfxpers.exe[5368] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                                00007ff9abb5181a 4 bytes [B5, AB, F9, 7F]
.text    C:\Windows\System32\igfxpers.exe[5368] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                                00007ff9abb51832 4 bytes [B5, AB, F9, 7F]
.text    C:\Users\Rike Volkmann\Downloads\FRST64.exe[668] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                                                                                                                         00007ff988231f6a 4 bytes [23, 88, F9, 7F]
.text    C:\Users\Rike Volkmann\Downloads\FRST64.exe[668] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                                                                                                                         00007ff988231f82 4 bytes [23, 88, F9, 7F]
.text    C:\Users\Rike Volkmann\Downloads\FRST64.exe[668] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                                                                   00007ff9abb5169a 4 bytes [B5, AB, F9, 7F]
.text    C:\Users\Rike Volkmann\Downloads\FRST64.exe[668] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                                                                   00007ff9abb516a2 4 bytes [B5, AB, F9, 7F]
.text    C:\Users\Rike Volkmann\Downloads\FRST64.exe[668] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                                                                      00007ff9abb5181a 4 bytes [B5, AB, F9, 7F]
.text    C:\Users\Rike Volkmann\Downloads\FRST64.exe[668] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                                                                      00007ff9abb51832 4 bytes [B5, AB, F9, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [352:4760]                                                                                                                                                                                                                                  fffff960008abb90
---- Processes - GMER 2.1 ----

Process  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (FILE NOT FOUND)                                                                                              0000000000400000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46)        000000006caf0000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)            000000006c7f0000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)           000000006c400000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324](2014-10-22 00:22:50)                                                                                        000000006d150000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50)                                                           000000004a900000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50)                                                         0000000003fc0000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50)                                                           000000004ad00000
Library  c:\users\rikevo~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyvqmkj.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324](2015-01-26 10:18:37)                                            0000000003a30000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)        000000006ab40000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)         0000000069b50000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)          0000000069930000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)            00000000696d0000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)            00000000696a0000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324](2014-10-22 00:22:50)                                                                                           0000000069690000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46)  0000000069660000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)         0000000069620000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)   00000000695d0000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324](2014-10-22 00:22:48)                                                                       00000000694f0000
Library  C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [5324](2014-10-22 00:22:46)                                                                       0000000069230000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                                     unknown MBR code

---- EOF - GMER 2.1 ----
         

Old 26.01.2015, 15:43   #2
schrauber
/// the machine
/// TB instructor

Windows 8 - Audio ads in the background!



Hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Old 26.01.2015, 16:35   #3
FV1993

Windows 8 - Audio ads in the background!



Hey, thanks a lot already!

TDSS:
Code:
15:49:17.0343 0x1040  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:49:17.0343 0x1040  UEFI system
15:49:21.0013 0x1040  ============================================================
15:49:21.0013 0x1040  Current date / time: 2015/01/26 15:49:21.0013
15:49:21.0013 0x1040  SystemInfo:
15:49:21.0013 0x1040  
15:49:21.0013 0x1040  OS Version: 6.3.9600 ServicePack: 0.0
15:49:21.0013 0x1040  Product type: Workstation
15:49:21.0013 0x1040  ComputerName: RIKES-LAPTOP
15:49:21.0013 0x1040  UserName: Friederike Volkmann
15:49:21.0013 0x1040  Windows directory: C:\WINDOWS
15:49:21.0013 0x1040  System windows directory: C:\WINDOWS
15:49:21.0013 0x1040  Running under WOW64
15:49:21.0013 0x1040  Processor architecture: Intel x64
15:49:21.0013 0x1040  Number of processors: 4
15:49:21.0013 0x1040  Page size: 0x1000
15:49:21.0013 0x1040  Boot type: Normal boot
15:49:21.0013 0x1040  ============================================================
15:49:23.0091 0x1040  KLMD registered as C:\WINDOWS\system32\drivers\05589223.sys
15:49:23.0373 0x1040  System UUID: {3DCE4480-2794-4203-10EE-46D4C85E2FCE}
15:49:24.0029 0x1040  Drive \Device\Harddisk0\DR0 - Size: 0x74709D0E00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:24.0029 0x1040  Drive \Device\Harddisk1\DR1 - Size: 0x200000000 ( 8.00 Gb ), SectorSize: 0x200, Cylinders: 0x414, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:24.0045 0x1040  ============================================================
15:49:24.0045 0x1040  \Device\Harddisk0\DR0:
15:49:24.0045 0x1040  GPT partitions:
15:49:24.0045 0x1040  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {30F4ECD4-85B0-4DA8-AE47-DF80FE188DE5}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000
15:49:24.0045 0x1040  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {796BADD3-6BBF-4D9F-B631-466EB71A4965}, UniqueGUID: {00844F43-FBDE-49C8-8A72-C1B09A5430F0}, Name: Basic data partition, StartLBA 0xFA800, BlocksNum 0x14000
15:49:24.0045 0x1040  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {6A145C9C-0A2D-4FC8-BF5A-4C88A52C412B}, Name: Microsoft reserved partition, StartLBA 0x10E800, BlocksNum 0x40000
15:49:24.0045 0x1040  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {8378B267-F9B4-493F-9CFB-D6BF51885265}, Name: Basic data partition, StartLBA 0x14E800, BlocksNum 0xFA000
15:49:24.0045 0x1040  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {791F6FFD-4F9C-4A50-972F-1E1EE6B0F0E6}, Name: Basic data partition, StartLBA 0x248800, BlocksNum 0x38897800
15:49:24.0045 0x1040  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7EEC18D8-DFDF-480E-ACF5-1A2DDB1A46A1}, Name: , StartLBA 0x38AE0000, BlocksNum 0xE1000
15:49:24.0045 0x1040  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5C9F5A57-B9EB-4294-AC76-E144DED5DA54}, Name: Microsoft recovery partition, StartLBA 0x38BC1000, BlocksNum 0x17C3687
15:49:24.0045 0x1040  MBR partitions:
15:49:24.0045 0x1040  \Device\Harddisk1\DR1:
15:49:24.0045 0x1040  GPT partitions:
15:49:24.0045 0x1040  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {63A6B471-6189-4D7D-85DC-91EF940C4FD3}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFFF000
15:49:24.0045 0x1040  MBR partitions:
15:49:24.0045 0x1040  ============================================================
15:49:24.0045 0x1040  C: <-> \Device\Harddisk0\DR0\Partition5
15:49:24.0045 0x1040  ============================================================
15:49:24.0045 0x1040  Initialize success
15:49:24.0045 0x1040  ============================================================
15:49:34.0034 0x10d8  ============================================================
15:49:34.0034 0x10d8  Scan started
15:49:34.0034 0x10d8  Mode: Manual; SigCheck; TDLFS; 
15:49:34.0034 0x10d8  ============================================================
15:49:34.0034 0x10d8  KSN ping started
15:49:36.0378 0x10d8  KSN ping finished: true
15:49:37.0565 0x10d8  ================ Scan system memory ========================
15:49:37.0565 0x10d8  System memory - ok
15:49:37.0565 0x10d8  ================ Scan services =============================
15:49:37.0706 0x10d8  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
15:49:37.0989 0x10d8  1394ohci - ok
15:49:38.0005 0x10d8  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
15:49:38.0021 0x10d8  3ware - ok
15:49:38.0052 0x10d8  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
15:49:38.0083 0x10d8  ACPI - ok
15:49:38.0099 0x10d8  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
15:49:38.0114 0x10d8  acpiex - ok
15:49:38.0114 0x10d8  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
15:49:38.0130 0x10d8  acpipagr - ok
15:49:38.0130 0x10d8  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
15:49:38.0146 0x10d8  AcpiPmi - ok
15:49:38.0161 0x10d8  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
15:49:38.0161 0x10d8  acpitime - ok
15:49:38.0177 0x10d8  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:49:38.0208 0x10d8  AdobeARMservice - ok
15:49:38.0239 0x10d8  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
15:49:38.0271 0x10d8  ADP80XX - ok
15:49:38.0302 0x10d8  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
15:49:38.0318 0x10d8  AeLookupSvc - ok
15:49:38.0333 0x10d8  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
15:49:38.0364 0x10d8  AFD - ok
15:49:38.0380 0x10d8  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
15:49:38.0396 0x10d8  agp440 - ok
15:49:38.0396 0x10d8  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
15:49:38.0427 0x10d8  ahcache - ok
15:49:38.0427 0x10d8  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\WINDOWS\System32\alg.exe
15:49:38.0443 0x10d8  ALG - ok
15:49:38.0458 0x10d8  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
15:49:38.0474 0x10d8  AmdK8 - ok
15:49:38.0489 0x10d8  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
15:49:38.0505 0x10d8  AmdPPM - ok
15:49:38.0505 0x10d8  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
15:49:38.0521 0x10d8  amdsata - ok
15:49:38.0536 0x10d8  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
15:49:38.0552 0x10d8  amdsbs - ok
15:49:38.0552 0x10d8  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
15:49:38.0568 0x10d8  amdxata - ok
15:49:38.0583 0x10d8  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\WINDOWS\system32\drivers\appid.sys
15:49:38.0599 0x10d8  AppID - ok
15:49:38.0599 0x10d8  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
15:49:38.0614 0x10d8  AppIDSvc - ok
15:49:38.0614 0x10d8  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo         C:\WINDOWS\System32\appinfo.dll
15:49:38.0630 0x10d8  Appinfo - ok
15:49:38.0646 0x10d8  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:49:38.0661 0x10d8  Apple Mobile Device - ok
15:49:38.0677 0x10d8  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
15:49:38.0708 0x10d8  AppReadiness - ok
15:49:38.0755 0x10d8  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
15:49:38.0802 0x10d8  AppXSvc - ok
15:49:38.0802 0x10d8  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
15:49:38.0818 0x10d8  arcsas - ok
15:49:38.0833 0x10d8  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:49:38.0849 0x10d8  AsyncMac - ok
15:49:38.0849 0x10d8  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
15:49:38.0864 0x10d8  atapi - ok
15:49:38.0864 0x10d8  [ 8AEDB0F8258EBE71B5E8E0900E901295, BE40BF1D80ABAF316027008E2B0CE847D839A4E320480FA96C6238DC47AC0737 ] AthBTPort       C:\WINDOWS\system32\DRIVERS\btath_flt.sys
15:49:38.0896 0x10d8  AthBTPort - ok
15:49:38.0896 0x10d8  [ 98DC5A892D6A8D64678531FB5698F5BE, 353ED9794326143850A0DFFE2024BCC9CDC9852ABCC3A7CD5A0CD3C78AC88C6E ] AtherosSvc      C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
15:49:38.0943 0x10d8  AtherosSvc - ok
15:49:39.0068 0x10d8  [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr            C:\WINDOWS\system32\DRIVERS\athw8x.sys
15:49:39.0208 0x10d8  athr - ok
15:49:39.0224 0x10d8  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
15:49:39.0255 0x10d8  AudioEndpointBuilder - ok
15:49:39.0302 0x10d8  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
15:49:39.0333 0x10d8  Audiosrv - ok
15:49:39.0349 0x10d8  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
15:49:39.0364 0x10d8  AxInstSV - ok
15:49:39.0411 0x10d8  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
15:49:39.0458 0x10d8  b06bdrv - ok
15:49:39.0458 0x10d8  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
15:49:39.0474 0x10d8  BasicDisplay - ok
15:49:39.0474 0x10d8  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
15:49:39.0489 0x10d8  BasicRender - ok
15:49:39.0505 0x10d8  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
15:49:39.0505 0x10d8  bcmfn2 - ok
15:49:39.0521 0x10d8  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
15:49:39.0552 0x10d8  BDESVC - ok
15:49:39.0552 0x10d8  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:49:39.0568 0x10d8  Beep - ok
15:49:39.0599 0x10d8  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\WINDOWS\System32\bfe.dll
15:49:39.0630 0x10d8  BFE - ok
15:49:39.0677 0x10d8  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\WINDOWS\System32\qmgr.dll
15:49:39.0958 0x10d8  BITS - ok
15:49:39.0989 0x10d8  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:49:40.0005 0x10d8  Bonjour Service - ok
15:49:40.0021 0x10d8  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
15:49:40.0036 0x10d8  bowser - ok
15:49:40.0052 0x10d8  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
15:49:40.0068 0x10d8  BrokerInfrastructure - ok
15:49:40.0083 0x10d8  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\WINDOWS\System32\browser.dll
15:49:40.0099 0x10d8  Browser - ok
15:49:40.0114 0x10d8  [ 942F3F6286056D6BBB5B02ED2B7088BD, 9F187C480BD40815ECFFC208BD1B00ACDFAD16899B4C8BE79C803FE48E322EA0 ] BTATH_A2DP      C:\WINDOWS\system32\drivers\btath_a2dp.sys
15:49:40.0130 0x10d8  BTATH_A2DP - ok
15:49:40.0130 0x10d8  [ 43C965027229D9FF6E52E4C71C03B09E, AF0E39EAD8B17A65F885272BEF12BF91578289C183FB39BB803183BE0E5547D1 ] btath_avdt      C:\WINDOWS\system32\drivers\btath_avdt.sys
15:49:40.0146 0x10d8  btath_avdt - ok
15:49:41.0411 0x10d8  CouponarificService64 - ok
15:49:41.0583 0x10d8  [ 18B5C959CBE24D4D4C2381EFB87611DE, 57E974F13D316E1A89BDB93CEF8D790B499219A159277944644F533A5010AB23 ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
15:49:41.0615 0x10d8  DellDigitalDelivery - detected UnsignedFile.Multi.Generic ( 1 )
15:49:43.0990 0x10d8  Detect skipped due to KSN trusted
15:49:43.0990 0x10d8  DellDigitalDelivery - ok
15:49:50.0521 0x10d8  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:49:50.0537 0x10d8  MSPQM - ok
15:49:50.0553 0x10d8  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
15:49:50.0584 0x10d8  MsRPC - ok
15:49:50.0584 0x10d8  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
15:49:50.0599 0x10d8  mssmbios - ok
15:49:50.0599 0x10d8  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
15:49:50.0615 0x10d8  MSTEE - ok
15:49:50.0615 0x10d8  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
15:49:50.0631 0x10d8  MTConfig - ok
15:49:50.0646 0x10d8  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
15:49:50.0646 0x10d8  Mup - ok
15:49:50.0662 0x10d8  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
15:49:50.0678 0x10d8  mvumis - ok
15:49:50.0693 0x10d8  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\WINDOWS\system32\qagentRT.dll
15:49:50.0724 0x10d8  napagent - ok
15:49:50.0740 0x10d8  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
15:49:50.0771 0x10d8  NativeWifiP - ok
15:49:50.0787 0x10d8  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
15:49:50.0803 0x10d8  NcaSvc - ok
15:49:50.0803 0x10d8  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
15:49:50.0818 0x10d8  NcbService - ok
15:49:50.0834 0x10d8  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
15:49:50.0849 0x10d8  NcdAutoSetup - ok
15:49:50.0912 0x10d8  [ E4B4BE2D7750849C07589DA0B0AABA01, BB5AA727BA018A94B5DE2C4E0B594DD2E7A2B3457885446EE568F3A1E18AB3B0 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
15:49:50.0974 0x10d8  NDIS - ok
15:49:50.0974 0x10d8  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
15:49:50.0990 0x10d8  NdisCap - ok
15:49:51.0006 0x10d8  [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
15:49:51.0021 0x10d8  NdisImPlatform - ok
15:49:51.0037 0x10d8  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:49:51.0053 0x10d8  NdisTapi - ok
15:49:51.0053 0x10d8  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:49:51.0068 0x10d8  Ndisuio - ok
15:49:51.0068 0x10d8  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
15:49:51.0084 0x10d8  NdisVirtualBus - ok
15:49:51.0099 0x10d8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:49:51.0115 0x10d8  NdisWan - ok
15:49:51.0131 0x10d8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:49:51.0146 0x10d8  NdisWanLegacy - ok
15:49:51.0146 0x10d8  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:49:51.0178 0x10d8  NDProxy - ok
15:49:51.0193 0x10d8  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
15:49:51.0209 0x10d8  Ndu - ok
15:49:51.0224 0x10d8  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:49:51.0240 0x10d8  NetBIOS - ok
15:49:51.0256 0x10d8  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:49:51.0271 0x10d8  NetBT - ok
15:49:51.0271 0x10d8  [ 92C2F52519BAB29EA135DF7ED65FFC83, 6C0C5743A7B977B787E584A947948ADC6782DD3F339DD68FEC95E0B93B7E43D5 ] netfilter64     C:\WINDOWS\system32\drivers\netfilter64.sys
15:49:51.0303 0x10d8  netfilter64 - ok
15:49:51.0303 0x10d8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:49:51.0318 0x10d8  Netlogon - ok
15:49:51.0334 0x10d8  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\WINDOWS\System32\netman.dll
15:49:51.0365 0x10d8  Netman - ok
15:49:51.0381 0x10d8  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
15:49:51.0412 0x10d8  netprofm - ok
15:49:51.0428 0x10d8  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:51.0443 0x10d8  NetTcpPortSharing - ok
15:49:51.0459 0x10d8  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\WINDOWS\system32\DRIVERS\netvsc63.sys
15:49:51.0474 0x10d8  netvsc - ok
15:49:51.0490 0x10d8  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
15:49:51.0506 0x10d8  NlaSvc - ok
15:49:51.0521 0x10d8  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:49:51.0537 0x10d8  Npfs - ok
15:49:51.0537 0x10d8  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
15:49:51.0553 0x10d8  npsvctrig - ok
15:49:51.0553 0x10d8  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\WINDOWS\system32\nsisvc.dll
15:49:51.0568 0x10d8  nsi - ok
15:49:51.0584 0x10d8  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
15:49:51.0584 0x10d8  nsiproxy - ok
15:49:51.0693 0x10d8  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:49:51.0787 0x10d8  Ntfs - ok
15:49:51.0787 0x10d8  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:49:51.0803 0x10d8  Null - ok
15:49:51.0818 0x10d8  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
15:49:51.0834 0x10d8  nvraid - ok
15:49:51.0834 0x10d8  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
15:49:51.0849 0x10d8  nvstor - ok
15:49:51.0865 0x10d8  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
15:49:51.0881 0x10d8  nv_agp - ok
15:49:51.0881 0x10d8  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:49:51.0904 0x10d8  ose - ok
15:49:52.0091 0x10d8  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:49:52.0310 0x10d8  osppsvc - ok
15:49:52.0341 0x10d8  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
15:49:52.0372 0x10d8  p2pimsvc - ok
15:49:52.0388 0x10d8  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
15:49:52.0419 0x10d8  p2psvc - ok
15:49:52.0419 0x10d8  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
15:49:52.0435 0x10d8  Parport - ok
15:49:52.0451 0x10d8  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
15:49:52.0451 0x10d8  partmgr - ok
15:49:52.0482 0x10d8  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
15:49:52.0497 0x10d8  PcaSvc - ok
15:49:52.0513 0x10d8  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
15:49:52.0544 0x10d8  pci - ok
15:49:52.0544 0x10d8  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
15:49:52.0560 0x10d8  pciide - ok
15:49:52.0576 0x10d8  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
15:49:52.0591 0x10d8  pcmcia - ok
15:49:52.0591 0x10d8  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
15:49:52.0607 0x10d8  pcw - ok
15:49:52.0607 0x10d8  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
15:49:52.0622 0x10d8  pdc - ok
15:49:52.0654 0x10d8  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
15:49:52.0701 0x10d8  PEAUTH - ok
15:49:52.0747 0x10d8  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
15:49:52.0794 0x10d8  PerfHost - ok
15:49:52.0888 0x10d8  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\WINDOWS\system32\pla.dll
15:49:52.0951 0x10d8  pla - ok
15:49:52.0966 0x10d8  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
15:49:52.0982 0x10d8  PlugPlay - ok
15:49:52.0982 0x10d8  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
15:49:52.0997 0x10d8  PNRPAutoReg - ok
15:49:53.0013 0x10d8  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
15:49:53.0044 0x10d8  PNRPsvc - ok
15:49:53.0060 0x10d8  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
15:49:53.0091 0x10d8  PolicyAgent - ok
15:49:53.0091 0x10d8  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\WINDOWS\system32\umpo.dll
15:49:53.0107 0x10d8  Power - ok
15:49:53.0122 0x10d8  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:49:53.0138 0x10d8  PptpMiniport - ok
15:49:53.0247 0x10d8  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
15:49:53.0404 0x10d8  PrintNotify - ok
15:49:53.0419 0x10d8  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
15:49:53.0435 0x10d8  Processor - ok
15:49:53.0435 0x10d8  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
15:49:53.0451 0x10d8  ProfSvc - ok
15:49:53.0466 0x10d8  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
15:49:53.0482 0x10d8  Psched - ok
15:49:53.0497 0x10d8  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\WINDOWS\system32\qwave.dll
15:49:53.0529 0x10d8  QWAVE - ok
15:49:53.0529 0x10d8  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
15:49:53.0544 0x10d8  QWAVEdrv - ok
15:49:53.0560 0x10d8  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:49:53.0576 0x10d8  RasAcd - ok
15:49:53.0576 0x10d8  [ 674A4702E4E144E8710ED1A2EC6DD049, 613A921101A6815C9185D5EF3E251A592604E56FADE945BB7E256885CAD473BC ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
15:49:53.0591 0x10d8  RasAgileVpn - ok
15:49:53.0607 0x10d8  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:49:53.0622 0x10d8  RasAuto - ok
15:49:53.0622 0x10d8  [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:49:53.0638 0x10d8  Rasl2tp - ok
15:49:53.0669 0x10d8  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:49:53.0701 0x10d8  RasMan - ok
15:49:53.0701 0x10d8  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:49:53.0716 0x10d8  RasPppoe - ok
15:49:53.0732 0x10d8  [ 2B0F1677CDD08967005F34488559BC6F, FFF168EBD171C0B85A448AD1A04F66534E889AE1DC128F68EA3F35D5996C8D39 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
15:49:53.0747 0x10d8  RasSstp - ok
15:49:53.0763 0x10d8  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:49:53.0779 0x10d8  rdbss - ok
15:49:53.0794 0x10d8  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
15:49:53.0810 0x10d8  rdpbus - ok
15:49:53.0810 0x10d8  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
15:49:53.0826 0x10d8  RDPDR - ok
15:49:53.0841 0x10d8  [ 9F08A6608F98B5407E7DDBCF306573EF, 92812F97CFDB2EC128BC48143DE215B7D012B15D3FB4D2199222AD8C31DA5016 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
15:49:53.0857 0x10d8  RdpVideoMiniport - ok
15:49:53.0857 0x10d8  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
15:49:53.0888 0x10d8  rdyboost - ok
15:49:53.0919 0x10d8  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
15:49:53.0982 0x10d8  ReFS - ok
15:49:54.0013 0x10d8  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:49:54.0029 0x10d8  RemoteAccess - ok
15:49:54.0044 0x10d8  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:49:54.0076 0x10d8  RemoteRegistry - ok
15:49:54.0091 0x10d8  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
15:49:54.0107 0x10d8  RFCOMM - ok
15:49:54.0123 0x10d8  [ 41DDCF1ADD1FB7DE23DCF671740DDBE6, 87ECB5C883CEFF76D126A5B4D92E069C9298FA5B62CC981870F9ECCA13C074F1 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:49:54.0154 0x10d8  RichVideo - ok
15:49:54.0154 0x10d8  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
15:49:54.0185 0x10d8  RpcEptMapper - ok
15:49:54.0185 0x10d8  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:49:54.0201 0x10d8  RpcLocator - ok
15:49:54.0232 0x10d8  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
15:49:54.0263 0x10d8  RpcSs - ok
15:49:54.0279 0x10d8  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
15:49:54.0294 0x10d8  rspndr - ok
15:49:54.0310 0x10d8  [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR      C:\WINDOWS\System32\Drivers\RtsUVStor.sys
15:49:54.0341 0x10d8  RSUSBVSTOR - ok
15:49:54.0341 0x10d8  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
15:49:54.0373 0x10d8  s3cap - ok
15:49:54.0373 0x10d8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:49:54.0404 0x10d8  SamSs - ok
15:49:54.0419 0x10d8  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
15:49:54.0435 0x10d8  sbp2port - ok
15:49:54.0466 0x10d8  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
15:49:54.0513 0x10d8  SCardSvr - ok
15:49:54.0529 0x10d8  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
15:49:54.0576 0x10d8  ScDeviceEnum - ok
15:49:54.0591 0x10d8  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
15:49:54.0623 0x10d8  scfilter - ok
15:49:54.0685 0x10d8  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:49:54.0748 0x10d8  Schedule - ok
15:49:54.0748 0x10d8  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
15:49:54.0779 0x10d8  SCPolicySvc - ok
15:49:54.0794 0x10d8  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
15:49:54.0810 0x10d8  sdbus - ok
15:49:54.0826 0x10d8  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
15:49:54.0841 0x10d8  sdstor - ok
15:49:54.0841 0x10d8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
15:49:54.0857 0x10d8  secdrv - ok
15:49:54.0857 0x10d8  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\WINDOWS\system32\seclogon.dll
15:49:54.0873 0x10d8  seclogon - ok
15:49:54.0888 0x10d8  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\WINDOWS\System32\sens.dll
15:49:54.0904 0x10d8  SENS - ok
15:49:54.0919 0x10d8  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
15:49:54.0951 0x10d8  SensrSvc - ok
15:49:54.0951 0x10d8  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
15:49:54.0966 0x10d8  SerCx - ok
15:49:54.0982 0x10d8  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
15:49:54.0998 0x10d8  SerCx2 - ok
15:49:55.0044 0x10d8  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
15:49:55.0076 0x10d8  Serenum - ok
15:49:55.0076 0x10d8  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
15:49:55.0091 0x10d8  Serial - ok
15:49:55.0107 0x10d8  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
15:49:55.0123 0x10d8  sermouse - ok
15:49:55.0154 0x10d8  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
15:49:55.0185 0x10d8  SessionEnv - ok
15:49:55.0185 0x10d8  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
15:49:55.0201 0x10d8  sfloppy - ok
15:49:55.0232 0x10d8  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:49:55.0263 0x10d8  SharedAccess - ok
15:49:55.0294 0x10d8  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:49:55.0341 0x10d8  ShellHWDetection - ok
15:49:55.0341 0x10d8  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
15:49:55.0373 0x10d8  SiSRaid2 - ok
15:49:55.0373 0x10d8  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
15:49:55.0388 0x10d8  SiSRaid4 - ok
15:49:55.0404 0x10d8  [ 070E4053E3426BAD7B21937F3F0275EB, 92ACCE7E0F5A2EEC2AF931E6677885FBA8548B2876A59EBC827F569300E71631 ] SmbDrv          C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys
15:49:55.0435 0x10d8  SmbDrv - ok
15:49:55.0435 0x10d8  [ E5D300C2193B0131E26B94FD4C68E160, A07D2EB8204B6C319660964D6882847A21447A6DC991A5B4C0F2CFA3D3F0F6EF ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
15:49:55.0466 0x10d8  SmbDrvI - ok
15:49:55.0513 0x10d8  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\WINDOWS\System32\smphost.dll
15:49:55.0544 0x10d8  smphost - ok
15:49:55.0576 0x10d8  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
15:49:55.0607 0x10d8  SNMPTRAP - ok
15:49:55.0654 0x10d8  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
15:49:55.0716 0x10d8  spaceport - ok
15:49:55.0732 0x10d8  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
15:49:55.0748 0x10d8  SpbCx - ok
15:49:55.0779 0x10d8  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\WINDOWS\System32\spoolsv.exe
15:49:55.0826 0x10d8  Spooler - ok
15:49:56.0123 0x10d8  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
15:49:56.0404 0x10d8  sppsvc - ok
15:49:56.0435 0x10d8  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:49:56.0482 0x10d8  srv - ok
15:49:56.0513 0x10d8  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
15:49:56.0560 0x10d8  srv2 - ok
15:49:56.0576 0x10d8  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
15:49:56.0623 0x10d8  srvnet - ok
15:49:56.0638 0x10d8  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:49:56.0670 0x10d8  SSDPSRV - ok
15:49:56.0670 0x10d8  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
15:49:56.0701 0x10d8  SstpSvc - ok
15:49:56.0701 0x10d8  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
15:49:56.0732 0x10d8  ssudmdm - ok
15:49:56.0748 0x10d8  [ 97F839E8AEC48EE271509BF4BC764C24, 7B9B791E987ADC8991C128CD52CB253F295E41DF502BF8933DF388994E84560D ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
15:49:56.0763 0x10d8  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
15:49:59.0140 0x10d8  Detect skipped due to KSN trusted
15:49:59.0140 0x10d8  STacSV - ok
15:50:00.0234 0x10d8  terminpt - ok
15:50:00.0265 0x10d8  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\WINDOWS\System32\termsrv.dll
15:50:00.0344 0x10d8  TermService - ok
15:50:00.0359 0x10d8  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\WINDOWS\system32\themeservice.dll
15:50:00.0390 0x10d8  Themes - ok
15:50:00.0390 0x10d8  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
15:50:00.0406 0x10d8  THREADORDER - ok
15:50:00.0422 0x10d8  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
15:50:00.0453 0x10d8  TimeBroker - ok
15:50:00.0469 0x10d8  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
15:50:00.0500 0x10d8  TPM - ok
15:50:00.0500 0x10d8  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
15:50:00.0531 0x10d8  TrkWks - ok
15:50:00.0531 0x10d8  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
15:50:00.0547 0x10d8  TrustedInstaller - ok
15:50:00.0562 0x10d8  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
15:50:00.0578 0x10d8  TsUsbFlt - ok
15:50:00.0578 0x10d8  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
15:50:00.0594 0x10d8  TsUsbGD - ok
15:50:00.0609 0x10d8  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
15:50:00.0640 0x10d8  tunnel - ok
15:50:00.0640 0x10d8  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
15:50:00.0656 0x10d8  uagp35 - ok
15:50:00.0672 0x10d8  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
15:50:00.0687 0x10d8  UASPStor - ok
15:50:00.0703 0x10d8  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
15:50:00.0734 0x10d8  UCX01000 - ok
15:50:00.0750 0x10d8  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
15:50:00.0781 0x10d8  udfs - ok
15:50:00.0781 0x10d8  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
15:50:00.0797 0x10d8  UEFI - ok
15:50:00.0797 0x10d8  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
15:50:00.0828 0x10d8  UI0Detect - ok
15:50:00.0828 0x10d8  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
15:50:00.0844 0x10d8  uliagpkx - ok
15:50:00.0844 0x10d8  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
15:50:00.0859 0x10d8  umbus - ok
15:50:00.0859 0x10d8  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
15:50:00.0875 0x10d8  UmPass - ok
15:50:00.0890 0x10d8  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
15:50:00.0906 0x10d8  UmRdpService - ok
15:50:00.0984 0x10d8  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:50:01.0062 0x10d8  upnphost - ok
15:50:01.0062 0x10d8  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
15:50:01.0094 0x10d8  USBAAPL64 - ok
15:50:01.0109 0x10d8  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
15:50:01.0125 0x10d8  usbccgp - ok
15:50:01.0172 0x10d8  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
15:50:01.0203 0x10d8  usbcir - ok
15:50:01.0234 0x10d8  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
15:50:01.0250 0x10d8  usbehci - ok
15:50:01.0281 0x10d8  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
15:50:01.0312 0x10d8  usbhub - ok
15:50:01.0328 0x10d8  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
15:50:01.0375 0x10d8  USBHUB3 - ok
15:50:01.0375 0x10d8  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
15:50:01.0390 0x10d8  usbohci - ok
15:50:01.0390 0x10d8  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
15:50:01.0406 0x10d8  usbprint - ok
15:50:01.0406 0x10d8  [ F04D164C4168701A4E7835607722E5F1, 6F743CF2CF73945B4A4B1C4402744BC2FE1624F1346C194493AD2F7110F9EB35 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:50:01.0437 0x10d8  usbscan - ok
15:50:01.0453 0x10d8  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
15:50:01.0469 0x10d8  USBSTOR - ok
15:50:01.0469 0x10d8  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
15:50:01.0484 0x10d8  usbuhci - ok
15:50:01.0500 0x10d8  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
15:50:01.0531 0x10d8  usbvideo - ok
15:50:01.0562 0x10d8  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
15:50:01.0578 0x10d8  USBXHCI - ok
15:50:01.0594 0x10d8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
15:50:01.0594 0x10d8  VaultSvc - ok
15:50:01.0609 0x10d8  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
15:50:01.0625 0x10d8  vdrvroot - ok
15:50:01.0672 0x10d8  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\WINDOWS\System32\vds.exe
15:50:01.0734 0x10d8  vds - ok
15:50:01.0734 0x10d8  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
15:50:01.0750 0x10d8  VerifierExt - ok
15:50:01.0781 0x10d8  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
15:50:01.0875 0x10d8  vhdmp - ok
15:50:01.0875 0x10d8  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
15:50:01.0890 0x10d8  viaide - ok
15:50:01.0906 0x10d8  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
15:50:01.0922 0x10d8  vmbus - ok
15:50:01.0937 0x10d8  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
15:50:01.0953 0x10d8  VMBusHID - ok
15:50:01.0969 0x10d8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
15:50:02.0015 0x10d8  vmicguestinterface - ok
15:50:02.0031 0x10d8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
15:50:02.0047 0x10d8  vmicheartbeat - ok
15:50:02.0078 0x10d8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
15:50:02.0094 0x10d8  vmickvpexchange - ok
15:50:02.0109 0x10d8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
15:50:02.0141 0x10d8  vmicrdv - ok
15:50:02.0156 0x10d8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
15:50:02.0187 0x10d8  vmicshutdown - ok
15:50:02.0203 0x10d8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
15:50:02.0234 0x10d8  vmictimesync - ok
15:50:02.0250 0x10d8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
15:50:02.0281 0x10d8  vmicvss - ok
15:50:02.0281 0x10d8  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
15:50:02.0297 0x10d8  volmgr - ok
15:50:02.0375 0x10d8  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
15:50:02.0422 0x10d8  volmgrx - ok
15:50:02.0453 0x10d8  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
15:50:02.0484 0x10d8  volsnap - ok
15:50:02.0484 0x10d8  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
15:50:02.0500 0x10d8  vpci - ok
15:50:02.0516 0x10d8  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
15:50:02.0531 0x10d8  vsmraid - ok
15:50:02.0578 0x10d8  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\WINDOWS\system32\vssvc.exe
15:50:02.0641 0x10d8  VSS - ok
15:50:02.0656 0x10d8  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
15:50:02.0672 0x10d8  VSTXRAID - ok
15:50:02.0672 0x10d8  vulsrsebjh64 - ok
15:50:02.0687 0x10d8  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
15:50:02.0687 0x10d8  vwifibus - ok
15:50:02.0703 0x10d8  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
15:50:02.0719 0x10d8  vwififlt - ok
15:50:02.0719 0x10d8  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
15:50:02.0734 0x10d8  vwifimp - ok
15:50:02.0781 0x10d8  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\WINDOWS\system32\w32time.dll
15:50:02.0844 0x10d8  W32Time - ok
15:50:02.0844 0x10d8  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
15:50:02.0859 0x10d8  WacomPen - ok
15:50:02.0875 0x10d8  [ AFCD4054D61BD708B82991348ED1C763, EBDAC0E218F1DFC405DB3C8A2F014D20A17B0690EA381C750BED5C2AFCDFEBE3 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:50:02.0891 0x10d8  Wanarp - ok
15:50:02.0891 0x10d8  [ AFCD4054D61BD708B82991348ED1C763, EBDAC0E218F1DFC405DB3C8A2F014D20A17B0690EA381C750BED5C2AFCDFEBE3 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:50:02.0906 0x10d8  Wanarpv6 - ok
15:50:02.0969 0x10d8  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
15:50:03.0047 0x10d8  wbengine - ok
15:50:03.0094 0x10d8  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
15:50:03.0109 0x10d8  WbioSrvc - ok
15:50:03.0156 0x10d8  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
15:50:03.0203 0x10d8  Wcmsvc - ok
15:50:03.0219 0x10d8  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
15:50:03.0266 0x10d8  wcncsvc - ok
15:50:03.0266 0x10d8  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
15:50:03.0297 0x10d8  WcsPlugInService - ok
15:50:03.0297 0x10d8  [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
15:50:03.0312 0x10d8  WdBoot - ok
15:50:03.0359 0x10d8  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
15:50:03.0391 0x10d8  Wdf01000 - ok
15:50:03.0422 0x10d8  [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
15:50:03.0437 0x10d8  WdFilter - ok
15:50:03.0500 0x10d8  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
15:50:03.0547 0x10d8  WdiServiceHost - ok
15:50:03.0562 0x10d8  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
15:50:03.0594 0x10d8  WdiSystemHost - ok
15:50:03.0609 0x10d8  [ 4AD874CDC812EC156265E451B6B09DAB, 6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
15:50:03.0625 0x10d8  WdNisDrv - ok
15:50:03.0641 0x10d8  WdNisSvc - ok
15:50:03.0656 0x10d8  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:50:03.0687 0x10d8  WebClient - ok
15:50:03.0703 0x10d8  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
15:50:03.0734 0x10d8  Wecsvc - ok
15:50:03.0750 0x10d8  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
15:50:03.0766 0x10d8  WEPHOSTSVC - ok
15:50:03.0781 0x10d8  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
15:50:03.0797 0x10d8  wercplsupport - ok
15:50:03.0812 0x10d8  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
15:50:03.0844 0x10d8  WerSvc - ok
15:50:03.0875 0x10d8  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
15:50:03.0891 0x10d8  WFPLWFS - ok
15:50:03.0906 0x10d8  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
15:50:03.0922 0x10d8  WiaRpc - ok
15:50:03.0922 0x10d8  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
15:50:03.0937 0x10d8  WIMMount - ok
15:50:03.0953 0x10d8  WinDefend - ok
15:50:04.0031 0x10d8  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
15:50:04.0187 0x10d8  WinHttpAutoProxySvc - ok
15:50:04.0250 0x10d8  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:50:04.0297 0x10d8  Winmgmt - ok
15:50:04.0453 0x10d8  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
15:50:04.0594 0x10d8  WinRM - ok
15:50:04.0609 0x10d8  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\system32\DRIVERS\WinUsb.sys
15:50:04.0625 0x10d8  WinUsb - ok
15:50:04.0688 0x10d8  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
15:50:04.0766 0x10d8  WlanSvc - ok
15:50:04.0813 0x10d8  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
15:50:04.0875 0x10d8  wlidsvc - ok
15:50:04.0891 0x10d8  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
15:50:04.0891 0x10d8  WmiAcpi - ok
15:50:04.0906 0x10d8  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
15:50:04.0922 0x10d8  wmiApSrv - ok
15:50:04.0938 0x10d8  WMPNetworkSvc - ok
15:50:04.0953 0x10d8  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
15:50:04.0969 0x10d8  Wof - ok
15:50:05.0031 0x10d8  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
15:50:05.0109 0x10d8  workfolderssvc - ok
15:50:05.0125 0x10d8  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
15:50:05.0141 0x10d8  wpcfltr - ok
15:50:05.0141 0x10d8  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
15:50:05.0156 0x10d8  WPCSvc - ok
15:50:05.0156 0x10d8  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
15:50:05.0188 0x10d8  WPDBusEnum - ok
15:50:05.0188 0x10d8  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
15:50:05.0203 0x10d8  WpdUpFltr - ok
15:50:05.0203 0x10d8  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
15:50:05.0219 0x10d8  ws2ifsl - ok
15:50:05.0234 0x10d8  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
15:50:05.0266 0x10d8  wscsvc - ok
15:50:05.0266 0x10d8  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
15:50:05.0281 0x10d8  WSDPrintDevice - ok
15:50:05.0281 0x10d8  [ D38297814FB6E33655342D869996E617, 3701892EEF87D1BF0E73322B90678802B6EA4AFA9CBF6111F39611C79DBA96C7 ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
15:50:05.0313 0x10d8  WSDScan - ok
15:50:05.0313 0x10d8  WSearch - ok
15:50:05.0484 0x10d8  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\WINDOWS\System32\WSService.dll
15:50:05.0656 0x10d8  WSService - ok
15:50:05.0844 0x10d8  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
15:50:05.0969 0x10d8  wuauserv - ok
15:50:05.0984 0x10d8  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
15:50:06.0000 0x10d8  WudfPf - ok
15:50:06.0016 0x10d8  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
15:50:06.0031 0x10d8  WUDFRd - ok
15:50:06.0063 0x10d8  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
15:50:06.0078 0x10d8  WUDFSensorLP - ok
15:50:06.0078 0x10d8  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
15:50:06.0109 0x10d8  wudfsvc - ok
15:50:06.0109 0x10d8  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
15:50:06.0141 0x10d8  WUDFWpdFs - ok
15:50:06.0172 0x10d8  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
15:50:06.0188 0x10d8  WUDFWpdMtp - ok
15:50:06.0219 0x10d8  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
15:50:06.0266 0x10d8  WwanSvc - ok
15:50:06.0281 0x10d8  [ E89D788563184852A4F33BA5BBF2DEA2, 27D70425C68565FAFDE0098BEDBB095DB6C3663B2E405D534E34A86B178FC1D0 ] ZAtheros Wlan Agent C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
15:50:06.0313 0x10d8  ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic ( 1 )
15:50:08.0703 0x10d8  Detect skipped due to KSN trusted
15:50:08.0703 0x10d8  ZAtheros Wlan Agent - ok
15:50:08.0735 0x10d8  ================ Scan global ===============================
15:50:08.0797 0x10d8  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
15:50:08.0813 0x10d8  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\WINDOWS\system32\winsrv.dll
15:50:08.0844 0x10d8  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
15:50:08.0875 0x10d8  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\WINDOWS\system32\services.exe
15:50:08.0891 0x10d8  [ Global ] - ok
15:50:08.0891 0x10d8  ================ Scan MBR ==================================
15:50:08.0891 0x10d8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
15:50:09.0125 0x10d8  \Device\Harddisk0\DR0 - ok
15:50:09.0141 0x10d8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
15:50:09.0172 0x10d8  \Device\Harddisk1\DR1 - ok
15:50:09.0172 0x10d8  ================ Scan VBR ==================================
15:50:09.0172 0x10d8  [ 7FE97A5404EBF62FB5A7BC16E9910032 ] \Device\Harddisk0\DR0\Partition1
15:50:09.0188 0x10d8  \Device\Harddisk0\DR0\Partition1 - ok
15:50:09.0188 0x10d8  [ 241C43513C813F861C2D0D547328B28F ] \Device\Harddisk0\DR0\Partition2
15:50:09.0188 0x10d8  \Device\Harddisk0\DR0\Partition2 - ok
15:50:09.0203 0x10d8  [ 4A81D78345FD299BE7B1AB7E82338690 ] \Device\Harddisk0\DR0\Partition3
15:50:09.0203 0x10d8  \Device\Harddisk0\DR0\Partition3 - ok
15:50:09.0203 0x10d8  [ A854FB8757506A725147CF8DBE173924 ] \Device\Harddisk0\DR0\Partition4
15:50:09.0235 0x10d8  \Device\Harddisk0\DR0\Partition4 - ok
15:50:09.0235 0x10d8  [ CCA1561B3712D6A40049392163C947D4 ] \Device\Harddisk0\DR0\Partition5
15:50:09.0250 0x10d8  \Device\Harddisk0\DR0\Partition5 - ok
15:50:09.0266 0x10d8  [ 905B1D890362E89794E872495A1F1F18 ] \Device\Harddisk0\DR0\Partition6
15:50:09.0266 0x10d8  \Device\Harddisk0\DR0\Partition6 - ok
15:50:09.0266 0x10d8  [ E97D6EA708153C90A6306E4E7E9C6A2E ] \Device\Harddisk0\DR0\Partition7
15:50:09.0282 0x10d8  \Device\Harddisk0\DR0\Partition7 - ok
15:50:09.0282 0x10d8  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
15:50:09.0282 0x10d8  \Device\Harddisk1\DR1\Partition1 - ok
15:50:09.0282 0x10d8  ================ Scan generic autorun ======================
15:50:09.0469 0x10d8  [ 18B40C7AF31127F4F0DD8BE2F8C79AFA, 6F1870E66CBAA36A2660A036B5606FC2686240286F0750F57203EE58E7D2232D ] c:\Program Files\Dell\QuickSet\QuickSet.exe
15:50:09.0625 0x10d8  QuickSet - ok
15:50:09.0657 0x10d8  [ FC71FB03F1BD0E51FBCC77A8655645F0, 5B905DD997FC512DA120B81753C5CE304ACDEAA1F3C75D94C39C166BFF7F2555 ] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
15:50:09.0688 0x10d8  BtTray - ok
15:50:09.0703 0x10d8  [ 3EA77ED754529075DE4A1D39A030B35C, 6A012207C4E864A8069759DC0AB88B99D71F996DB3E83B7AC799B229100DDF02 ] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
15:50:09.0703 0x10d8  BtvStack - ok
15:50:09.0703 0x10d8  SynTPEnh - ok
15:50:09.0766 0x10d8  [ 94BFCE236D6340011721470E394056E3, 42A7808F6C53C268354E9E47F0689FE2B4717F61E97CBAA0ABF33E0275B908EF ] C:\Program Files\IDT\WDM\sttray64.exe
15:50:09.0844 0x10d8  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
15:50:12.0235 0x10d8  Detect skipped due to KSN trusted
15:50:12.0235 0x10d8  SysTrayApp - ok
15:50:12.0250 0x10d8  [ F69A96518013653C7E59FDC8A63F05FC, 9A70F75B4C949B7AAD9D62051868213FB73DF3F721F67AD4587DD8AA949267A5 ] C:\WINDOWS\system32\igfxtray.exe
15:50:12.0266 0x10d8  IgfxTray - ok
15:50:12.0297 0x10d8  [ 40FFF3AD7A1607CB26C26CA362AD6FBE, 8A00149A979D435615BBE02F6E67E898C45E78903CF0D60B90BC7F9312CF4CE7 ] C:\WINDOWS\system32\hkcmd.exe
15:50:12.0313 0x10d8  HotKeysCmds - ok
15:50:12.0329 0x10d8  [ 117D15A423DE6D2142D2ADBBC82432A4, 35ABAF86996215D9146641931AC5A0634B604199390184CBA78B934B97E89E27 ] C:\WINDOWS\system32\igfxpers.exe
15:50:12.0360 0x10d8  Persistence - ok
15:50:12.0360 0x10d8  [ 724CB7A116F7E1A67009D751BCF86586, F0C4BE7451C5573AD584F5EF125C0702841E30D928909B5B3EA702831EF2FD9B ] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
15:50:12.0375 0x10d8  CLMLServer_For_P2G8 - ok
15:50:12.0391 0x10d8  [ 3A632F4EA3386DFEE9D8FDE68C34EFE0, 481B3732D47E3738F74C073CEA41CAD3AF64F702FD42ECCE6551B53AFDAE72AD ] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
15:50:12.0422 0x10d8  CLVirtualDrive - ok
15:50:12.0422 0x10d8  [ 9388FBA0B9985B18B3693A32B530A16B, F3C3DCDB4D66433EB33C7BA3BD1B8B80E8E67E6B3614DDF37EE77FEA143015B3 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
15:50:12.0438 0x10d8  RemoteControl10 - ok
15:50:12.0438 0x10d8  APSDaemon - ok
15:50:12.0454 0x10d8  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
15:50:12.0469 0x10d8  BCSSync - ok
15:50:12.0485 0x10d8  [ 0EF0822810009D58118CCDFD098FA9F4, 9FAA263057898BCDBCB0A064C463F48D149474AA339A3C4C47626CC118750D2D ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
15:50:12.0500 0x10d8  iTunesHelper - ok
15:50:12.0516 0x10d8  [ E8405C87CD06FF5D69BC6F3B24D766D0, C82171BEDBFE593A04D09C2E20B0528AA3CEC722D6919F8A5C70C6EFFB9EFEAE ] C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
15:50:12.0532 0x10d8  AmazonMP3DownloaderHelper - ok
15:50:12.0625 0x10d8  [ 08DFA176E4FC0E63ACD8EC854449D2B0, B8CA204C3F318CD9D12F61CDDA5C66184A48D6206F019AD11DB2605FDBEB288D ] C:\Users\Rike Volkmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
15:50:12.0688 0x10d8  Spotify Web Helper - ok
15:50:12.0688 0x10d8  Waiting for KSN requests completion. In queue: 91
15:50:13.0704 0x10d8  Waiting for KSN requests completion. In queue: 91
15:50:14.0719 0x10d8  Waiting for KSN requests completion. In queue: 10
15:50:15.0751 0x10d8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x61100 ( enabled : updated )
15:50:15.0751 0x10d8  Win FW state via NFP2: enabled
15:50:18.0188 0x10d8  ============================================================
15:50:18.0188 0x10d8  Scan finished
15:50:18.0188 0x10d8  ============================================================
15:50:18.0188 0x11b4  Detected object count: 0
15:50:18.0188 0x11b4  Actual detected object count: 0
16:13:53.0010 0x02fc  Deinitialize success
         
... and here are the two Mbar logs:

Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.26.06
  rootkit: v2015.01.14.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
Friederike Volkmann :: RIKES-LAPTOP [administrator]

26.01.2015 15:55:56
mbar-log-2015-01-26 (15-55-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 373488
Time elapsed: 14 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot. [b44a6398711891a5f1beac85f90ab54b]

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.26.06
  rootkit: v2015.01.14.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
Friederike Volkmann :: RIKES-LAPTOP [administrator]

26.01.2015 16:14:42
mbar-log-2015-01-26 (16-14-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 373336
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
__________________

26.01.2015, 18:28   #4
schrauber
/// the machine
/// TB instructor

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan, and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History, and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

26.01.2015, 20:44   #5
FV1993

First, mbam:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.01.2015
Suchlauf-Zeit: 20:14:28
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.26.07
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Friederike Volkmann

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 373422
Verstrichene Zeit: 8 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.AdPeak.A, C:\Program Files\005\vulsrsebjh64.exe, 1836, Löschen bei Neustart, [b7485e9d6f1a78be30b23547867f8779]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 10
PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\vulsrsebjh64, In Quarantäne, [b7485e9d6f1a78be30b23547867f8779], 
PUP.Optional.CouponArific.A, HKLM\SOFTWARE\couponarific, In Quarantäne, [12ed8675fb8e0036376a6d1922e1f10f], 
PUP.Optional.Adpeak.A, HKLM\SOFTWARE\WOW6432NODE\AllDaySavings, In Quarantäne, [29d62dce2366d75f885352460bf8ac54], 
PUP.Optional.CouponArific.A, HKLM\SOFTWARE\WOW6432NODE\couponarific, In Quarantäne, [2bd4b843c2c777bf831eb4d21be81ee2], 
PUP.Optional.CouponArific.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CouponarificService64, In Quarantäne, [79866893c1c8cb6b980b6e185da66c94], 
PUP.Optional.CouponArific.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\couponarific, In Quarantäne, [f708f407ddac33035b45622417ecef11], 
PUP.Optional.Cinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HC-inemA4, In Quarantäne, [4eb1e31893f6092d37abee0cc73ddf21], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3189138124-3710648530-2942340369-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [9d6237c4a0e99f97cdaf07e4df2539c7], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 5
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GenesisOffers, C:\Users\Rike Volkmann\AppData\Local\Genesis_08231206, In Quarantäne, [0df2c6350d7c67cf28d36ff33dc6e719], 
PUP.Optional.SharkManCoupon.A, C:\ProgramData\SharkManCoupon, In Quarantäne, [c13ecf2ca9e09e9859fdb3bcaa5919e7], 

Dateien: 31
PUP.Optional.AdPeak.A, C:\Program Files\005\vulsrsebjh64.exe, Löschen bei Neustart, [b7485e9d6f1a78be30b23547867f8779], 
PUP.Optional.AllDaySavings.A, C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\alldaysavings_1007-31e96496.exe, In Quarantäne, [30cff00bb0d96ec896d2607af70bfb05], 
PUP.Optional.AppInstaller, C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\FLVMPlayerSetup-c45490cb.exe, In Quarantäne, [bc43817ad3b6b383e47c6e37dc25b34d], 
PUP.Optional.NSXgen, C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\HQVideo-DEInstaller.exe, In Quarantäne, [d92662993e4b74c284ccbc10649d6a96], 
PUP.Optional.BundleInstaller.A, C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\s4474.exe, In Quarantäne, [8e71d82344453ef8d9c18cc3867ab848], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Rike Volkmann\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [be410feced9cca6ca5cff18bc340718f], 
PUP.Optional.MindSpark.A, C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage, In Quarantäne, [5aa505f63455300640f0892328dbf20e], 
PUP.Optional.MindSpark.A, C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_internetspeedtracker.dl.tb.ask.com_0.localstorage-journal, In Quarantäne, [629d64977f0ae55142ee1597f70cad53], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\GoogleCrashHandler.exe, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\GoogleUpdate.exe, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\GoogleUpdateBroker.exe, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\GoogleUpdateHelper.msi, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\GoogleUpdateOnDemand.exe, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\goopdate.dll, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\goopdateres_en.dll, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\npGoogleUpdate4.dll, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\psmachine.dll, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.GlobalUpdate.A, C:\Users\Rike Volkmann\AppData\Local\Temp\comh.419476\psuser.dll, In Quarantäne, [f50a9c5fb8d1ca6c3ac0d7838c776a96], 
PUP.Optional.SharkManCoupon.A, C:\ProgramData\SharkManCoupon\SharkManCoupon.exe, In Quarantäne, [c13ecf2ca9e09e9859fdb3bcaa5919e7], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Then AdwCleaner
Code:
# AdwCleaner v4.109 - Bericht erstellt am 26/01/2015 um 20:31:12
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-25.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Friederike Volkmann - RIKES-LAPTOP
# Gestartet von : C:\Users\Rike Volkmann\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SmartuComppaare
Ordner Gelöscht : C:\ProgramData\tOpbuyeer
Ordner Gelöscht : C:\ProgramData\8c1ffd0d0da0099d
Ordner Gelöscht : C:\Users\Rike Volkmann\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Rike Volkmann\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\WINDOWS\System32\drivers\netfilter64.sys

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmmarrtCOmpare.SmmarrtCOmpare
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmmarrtCOmpare.SmmarrtCOmpare.4.41
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\topbuYeEr.topbuYeEr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\topbuYeEr.topbuYeEr.4.1
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2945EC95-9086-FC49-50CF-25CCD92333F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED232A29-2F98-780E-3E6C-3F7F5FB395D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2945EC95-9086-FC49-50CF-25CCD92333F6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2945EC95-9086-FC49-50CF-25CCD92333F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2945EC95-9086-FC49-50CF-25CCD92333F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED232A29-2F98-780E-3E6C-3F7F5FB395D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2945EC95-9086-FC49-50CF-25CCD92333F6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{ED232A29-2F98-780E-3E6C-3F7F5FB395D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE139F4C-CE5B-121A-8A2D-191FA2226094}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AllDaySavings 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\calcitapp.info
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.calcitapp.info
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.movshare.net
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v

[e5w1e129.default-1410297490929\prefs.js] - Zeile gelöscht : user_pref("extensions.81HjSdtU0OQ8gNBp.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[e5w1e129.default-1410297490929\prefs.js] - Zeile gelöscht : user_pref("extensions.8Lz2Stn.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo[...]
[e5w1e129.default-1410297490929\prefs.js] - Zeile gelöscht : user_pref("extensions.D513IGci9fVRp5c9.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[e5w1e129.default-1410297490929\prefs.js] - Zeile gelöscht : user_pref("extensions.J6Nv0Mlt20NBGZ8Y.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[e5w1e129.default-1410297490929\prefs.js] - Zeile gelöscht : user_pref("extensions.PQG0meIHcjDTCmxE.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[e5w1e129.default-1410297490929\prefs.js] - Zeile gelöscht : user_pref("extensions.i5dtBZ64hKDc8OIA.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[e5w1e129.default-1410297490929\prefs.js] - Zeile gelöscht : user_pref("extensions.m4fUAlhXbfNNoPt6.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[e5w1e129.default-1410297490929\prefs.js] - Zeile gelöscht : user_pref("extensions.plA90MYP3na6t33V.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[e5w1e129.default-1410297490929\prefs.js] - Zeile gelöscht : user_pref("extensions.q2Iiq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.n[...]

-\\ Google Chrome v40.0.2214.91


*************************

AdwCleaner[R0].txt - [7374 octets] - [26/01/2015 20:29:17]
AdwCleaner[S0].txt - [7125 octets] - [26/01/2015 20:31:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7185 octets] ##########
         
and JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Friederike Volkmann on 26.01.2015 at 20:34:40,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Rike Volkmann\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\fixcleaner"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.01.2015 at 20:38:01,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
... and here is the new FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Friederike Volkmann (administrator) on RIKES-LAPTOP on 26-01-2015 20:40:39
Running from C:\Users\Rike Volkmann\Downloads
Loaded Profiles: Friederike Volkmann (Available profiles: Friederike Volkmann)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\Rike Volkmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Dropbox, Inc.) C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-01] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-01] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\...\Run: [Spotify Web Helper] => C:\Users\Rike Volkmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-13] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Rike Volkmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Rike Volkmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001 -> {C60BBC6C-479C-412A-8EC3-E49FD91564AF} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: deaal4me -> {b9d6317b-646f-4e9e-85fd-dcf04ac1d4d0} -> C:\ProgramData\deaal4me\VjTf1AW77z5IuY.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rike Volkmann\AppData\Roaming\Mozilla\Firefox\Profiles\e5w1e129.default-1410297490929
FF Homepage: hxxp://www.ecosia.org/
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3189138124-3710648530-2942340369-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Adblock Plus - C:\Users\Rike Volkmann\AppData\Roaming\Mozilla\Firefox\Profiles\e5w1e129.default-1410297490929\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-11-10]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.ecosia.de/"
CHR Profile: C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-25]
CHR Extension: (YouTube) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google-Suche) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Tabellen) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Google Mail) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-08-01] (Qualcomm Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-23] (Atheros) [File not signed]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-01] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 20:38 - 2015-01-26 20:38 - 00000836 _____ () C:\Users\Rike Volkmann\Desktop\JRT.txt
2015-01-26 20:34 - 2015-01-26 20:34 - 01707939 _____ (Thisisu) C:\Users\Rike Volkmann\Downloads\JRT.exe
2015-01-26 20:34 - 2015-01-26 20:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-26 20:33 - 2015-01-26 20:33 - 00007289 _____ () C:\Users\Rike Volkmann\Desktop\AdwCleaner[S0].txt
2015-01-26 20:29 - 2015-01-26 20:31 - 00000000 ____D () C:\AdwCleaner
2015-01-26 20:28 - 2015-01-26 20:28 - 02194432 _____ () C:\Users\Rike Volkmann\Downloads\AdwCleaner_4.109.exe
2015-01-26 20:28 - 2015-01-26 20:28 - 00008531 _____ () C:\Users\Rike Volkmann\Desktop\mbam.txt
2015-01-26 20:13 - 2015-01-26 20:13 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-26 20:13 - 2015-01-26 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-26 20:13 - 2015-01-26 20:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-26 20:13 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-26 20:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-26 20:11 - 2015-01-26 20:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rike Volkmann\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 15:55 - 2015-01-26 20:26 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 15:55 - 2015-01-26 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 15:55 - 2015-01-26 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-26 15:54 - 2015-01-26 16:27 - 00000000 ____D () C:\Users\Rike Volkmann\Desktop\mbar
2015-01-26 15:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-26 15:53 - 2015-01-26 15:54 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Rike Volkmann\Downloads\mbar-1.08.3.1004.exe
2015-01-26 15:47 - 2015-01-26 15:48 - 00289296 _____ () C:\WINDOWS\Minidump\012615-12093-01.dmp
2015-01-26 15:47 - 2015-01-26 15:47 - 724865585 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-26 15:44 - 2015-01-26 15:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Rike Volkmann\Downloads\tdsskiller.exe
2015-01-26 15:14 - 2015-01-26 15:14 - 00015772 _____ () C:\Users\Rike Volkmann\Desktop\gmer.log
2015-01-26 15:10 - 2015-01-26 15:10 - 00380416 _____ () C:\Users\Rike Volkmann\Downloads\Gmer-19357.exe
2015-01-26 15:10 - 2015-01-26 15:10 - 00050477 _____ () C:\Users\Rike Volkmann\Downloads\Defogger (1).exe
2015-01-26 15:09 - 2015-01-26 15:09 - 00032269 _____ () C:\Users\Rike Volkmann\Desktop\Addition.txt
2015-01-26 15:09 - 2015-01-26 15:09 - 00028730 _____ () C:\Users\Rike Volkmann\Desktop\FRST.txt
2015-01-26 15:08 - 2015-01-26 15:09 - 00032269 _____ () C:\Users\Rike Volkmann\Downloads\Addition.txt
2015-01-26 15:07 - 2015-01-26 20:40 - 00016211 _____ () C:\Users\Rike Volkmann\Downloads\FRST.txt
2015-01-26 15:07 - 2015-01-26 20:40 - 00000000 ____D () C:\FRST
2015-01-26 15:06 - 2015-01-26 15:07 - 02129920 _____ (Farbar) C:\Users\Rike Volkmann\Downloads\FRST64.exe
2015-01-26 15:06 - 2015-01-26 15:06 - 01120768 _____ (Farbar) C:\Users\Rike Volkmann\Downloads\FRST.exe
2015-01-26 15:05 - 2015-01-26 15:16 - 00000500 _____ () C:\Users\Rike Volkmann\Downloads\defogger_disable.log
2015-01-26 15:05 - 2015-01-26 15:05 - 00050477 _____ () C:\Users\Rike Volkmann\Downloads\Defogger.exe
2015-01-26 15:05 - 2015-01-26 15:05 - 00000000 _____ () C:\Users\Rike Volkmann\defogger_reenable
2015-01-26 11:21 - 2015-01-26 11:21 - 00001286 _____ () C:\Users\Rike Volkmann\Desktop\Revo Uninstaller.lnk
2015-01-26 11:21 - 2015-01-26 11:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-26 11:20 - 2015-01-26 11:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rike Volkmann\Downloads\revosetup95.exe
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-25 16:44 - 2015-01-25 16:44 - 00002273 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 16:44 - 2015-01-25 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-25 16:39 - 2015-01-26 20:32 - 00001158 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 16:39 - 2015-01-26 17:44 - 00001162 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 16:39 - 2015-01-25 16:39 - 00004134 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-25 16:39 - 2015-01-25 16:39 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-25 16:38 - 2015-01-25 16:38 - 00880784 _____ (Google Inc.) C:\Users\Rike Volkmann\Downloads\ChromeSetup.exe
2015-01-25 16:25 - 2015-01-26 15:39 - 00000112 _____ () C:\ProgramData\8fAo0362.dat
2015-01-14 12:38 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:38 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:38 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:38 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 12:38 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 12:38 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:38 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 12:38 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 12:38 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 12:38 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 12:38 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 12:38 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 12:38 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 12:38 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 12:38 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 12:38 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 12:38 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 12:38 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 12:38 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 12:38 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 12:38 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 12:38 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 12:38 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 12:38 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 20:40 - 2013-01-12 20:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3189138124-3710648530-2942340369-1001
2015-01-26 20:38 - 2014-03-18 11:03 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-26 20:38 - 2014-03-18 10:25 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-26 20:38 - 2014-03-18 10:25 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-26 20:33 - 2014-06-24 13:12 - 01861512 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-26 20:32 - 2014-08-11 15:01 - 00000000 ___RD () C:\Users\Rike Volkmann\Dropbox
2015-01-26 20:32 - 2014-08-11 14:42 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Roaming\Dropbox
2015-01-26 20:32 - 2014-03-18 02:50 - 00049774 _____ () C:\WINDOWS\PFRO.log
2015-01-26 20:32 - 2013-08-22 15:46 - 00306303 _____ () C:\WINDOWS\setupact.log
2015-01-26 20:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-26 20:31 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-26 20:24 - 2014-08-23 13:06 - 00000000 ____D () C:\Program Files\005
2015-01-26 20:24 - 2014-06-24 13:01 - 00000000 ____D () C:\Users\Rike Volkmann
2015-01-26 20:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-26 16:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-26 15:59 - 2014-08-11 17:24 - 00275968 ___SH () C:\Users\Rike Volkmann\Downloads\Thumbs.db
2015-01-26 11:36 - 2013-01-14 11:31 - 00000000 ____D () C:\ProgramData\Apple
2015-01-25 23:13 - 2014-01-03 19:21 - 00000000 ____D () C:\Users\Rike Volkmann\Documents\FreundeFamilie
2015-01-25 18:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 16:44 - 2013-01-24 18:11 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Local\Google
2015-01-25 16:44 - 2013-01-24 18:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-25 15:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-21 17:20 - 2013-01-12 20:05 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Local\Packages
2015-01-19 22:32 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 17:15 - 2014-10-15 11:01 - 00000000 ____D () C:\Users\Rike Volkmann\Documents\Bluetooth Folder
2015-01-16 08:45 - 2013-07-29 10:53 - 00000000 ____D () C:\Users\Rike Volkmann\Desktop\Uni
2015-01-14 17:16 - 2013-09-04 09:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 17:09 - 2013-01-14 12:45 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 21:01 - 2014-02-17 17:58 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Roaming\Spotify
2015-01-13 15:11 - 2014-02-17 17:58 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Local\Spotify
2014-12-31 12:14 - 2013-01-14 12:45 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-30 15:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-28 16:29 - 2013-01-12 20:06 - 00000000 ____D () C:\ProgramData\Atheros

==================== Files in the root of some directories =======

2014-11-22 22:29 - 2014-12-09 03:02 - 0004163 _____ () C:\Users\Rike Volkmann\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-12-16 19:39 - 2014-01-20 17:50 - 0004608 _____ () C:\Users\Rike Volkmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 16:25 - 2015-01-26 15:39 - 0000112 _____ () C:\ProgramData\8fAo0362.dat
2012-10-29 20:38 - 2012-10-29 20:38 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-29 20:34 - 2012-10-29 20:35 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-29 20:35 - 2012-10-29 20:36 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-10-29 20:33 - 2012-10-29 20:34 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-29 20:36 - 2012-10-29 20:38 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\ProgramData\8fAo0362.dat


Some content of TEMP:
====================
C:\Users\Rike Volkmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvyc1we.dll
C:\Users\Rike Volkmann\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\nsj8EBF.tmp.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\optprosetup.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 16:11

==================== End Of Log ============================
         

27.01.2015, 07:34   #6
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • An illustrated guide to ESET Online Scanner is available here
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit systems also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove ESET Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems remaining?

27.01.2015, 14:49   #7
FV1993
 



Hi,
so the ESET scanner found 8 threats. I clicked Finish; does that mean they are gone? Here is the corresponding file:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a8e6d9da1bea6342a70522a3b76e217e
# engine=22167
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-27 11:16:17
# local_time=2015-01-27 12:16:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 81431 12661696 0 0
# scanned=217169
# found=8
# cleaned=0
# scan_time=6845
sh=F74F36F049D03694536313E1908E72E8ED1DA665 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\ehigjigpolmdglippjafhnpngmaeepkp\207\rU0U0OEKZ.js"
sh=EBF1D052C13B9F415AFE09541BDAB68F37429922 ft=1 fh=c9dedb6e21153ace vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Rike Volkmann\AppData\Local\Temp\optprosetup.exe"
sh=F3244CED9E174DEB4232C4517BE14F5EF2BDF21B ft=1 fh=23dcaa93e780676c vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\Users\Rike Volkmann\AppData\Local\Temp\aaccee\aabbcc.exe"
sh=F2D5E0DA72AD7588D5BF2AD6AC933294D8A0BCCF ft=1 fh=95ef0be1076ea9db vn="Variante von Win32/AdWare.NaviPromo.AZ Anwendung" ac=I fn="C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\GenesisInstaller.exe"
sh=96DC47BD107B7FC0F318753BA35D553628ABDE79 ft=1 fh=02df876bf306c613 vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung" ac=I fn="C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\OptimizerPro.exe"
sh=D7542BAECF0506352B9FDBC212FCA65E97808859 ft=1 fh=7677dfb07a472f78 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\Temp\0892CCEA-3029-46F2-BD98-F3177431F5F8n.exe"
sh=40943BBEF6EB8DB24A2E9992B2738E800A1DD817 ft=1 fh=ef4af3541a9ac90b vn="Variante von Win32/TrojanDownloader.Agent.SEQ Trojaner" ac=I fn="C:\Windows\Temp\db25.exe"
sh=F3244CED9E174DEB4232C4517BE14F5EF2BDF21B ft=1 fh=23dcaa93e780676c vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\Windows\Temp\aaccee\aabbcc.exe"
         
SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.95  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Google Chrome (40.0.2214.91) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
And here is a new FRST log:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Friederike Volkmann (administrator) on RIKES-LAPTOP on 27-01-2015 14:47:45
Running from C:\Users\Rike Volkmann\Downloads
Loaded Profiles: Friederike Volkmann (Available profiles: Friederike Volkmann)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\Rike Volkmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Rike Volkmann\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-01] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-01] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\...\Run: [Spotify Web Helper] => C:\Users\Rike Volkmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-13] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Rike Volkmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rike Volkmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Rike Volkmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3189138124-3710648530-2942340369-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3189138124-3710648530-2942340369-1001 -> {C60BBC6C-479C-412A-8EC3-E49FD91564AF} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: deaal4me -> {b9d6317b-646f-4e9e-85fd-dcf04ac1d4d0} -> C:\ProgramData\deaal4me\VjTf1AW77z5IuY.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rike Volkmann\AppData\Roaming\Mozilla\Firefox\Profiles\e5w1e129.default-1410297490929
FF Homepage: hxxp://www.ecosia.org/
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3189138124-3710648530-2942340369-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Rike Volkmann\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Adblock Plus - C:\Users\Rike Volkmann\AppData\Roaming\Mozilla\Firefox\Profiles\e5w1e129.default-1410297490929\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-11-10]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.ecosia.de/"
CHR Profile: C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-25]
CHR Extension: (YouTube) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google-Suche) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Tabellen) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Google Mail) - C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-08-01] (Qualcomm Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-23] (Atheros) [File not signed]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-01] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 14:46 - 2015-01-27 14:46 - 00852573 _____ () C:\Users\Rike Volkmann\Downloads\SecurityCheck.exe
2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-27 10:19 - 2015-01-27 10:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-27 10:18 - 2015-01-27 10:18 - 02347384 _____ (ESET) C:\Users\Rike Volkmann\Downloads\esetsmartinstaller_deu.exe
2015-01-26 20:38 - 2015-01-26 20:38 - 00000836 _____ () C:\Users\Rike Volkmann\Desktop\JRT.txt
2015-01-26 20:34 - 2015-01-26 20:34 - 01707939 _____ (Thisisu) C:\Users\Rike Volkmann\Downloads\JRT.exe
2015-01-26 20:34 - 2015-01-26 20:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-26 20:33 - 2015-01-26 20:33 - 00007289 _____ () C:\Users\Rike Volkmann\Desktop\AdwCleaner[S0].txt
2015-01-26 20:29 - 2015-01-26 20:31 - 00000000 ____D () C:\AdwCleaner
2015-01-26 20:28 - 2015-01-26 20:28 - 02194432 _____ () C:\Users\Rike Volkmann\Downloads\AdwCleaner_4.109.exe
2015-01-26 20:28 - 2015-01-26 20:28 - 00008531 _____ () C:\Users\Rike Volkmann\Desktop\mbam.txt
2015-01-26 20:13 - 2015-01-26 20:13 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-26 20:13 - 2015-01-26 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-26 20:13 - 2015-01-26 20:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-26 20:13 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-26 20:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-26 20:11 - 2015-01-26 20:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rike Volkmann\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 15:55 - 2015-01-26 20:26 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 15:55 - 2015-01-26 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 15:55 - 2015-01-26 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-26 15:54 - 2015-01-26 16:27 - 00000000 ____D () C:\Users\Rike Volkmann\Desktop\mbar
2015-01-26 15:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-26 15:53 - 2015-01-26 15:54 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Rike Volkmann\Downloads\mbar-1.08.3.1004.exe
2015-01-26 15:47 - 2015-01-26 15:48 - 00289296 _____ () C:\WINDOWS\Minidump\012615-12093-01.dmp
2015-01-26 15:47 - 2015-01-26 15:47 - 724865585 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-26 15:44 - 2015-01-26 15:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Rike Volkmann\Downloads\tdsskiller.exe
2015-01-26 15:14 - 2015-01-26 15:14 - 00015772 _____ () C:\Users\Rike Volkmann\Desktop\gmer.log
2015-01-26 15:10 - 2015-01-26 15:10 - 00380416 _____ () C:\Users\Rike Volkmann\Downloads\Gmer-19357.exe
2015-01-26 15:10 - 2015-01-26 15:10 - 00050477 _____ () C:\Users\Rike Volkmann\Downloads\Defogger (1).exe
2015-01-26 15:09 - 2015-01-26 15:09 - 00032269 _____ () C:\Users\Rike Volkmann\Desktop\Addition.txt
2015-01-26 15:09 - 2015-01-26 15:09 - 00028730 _____ () C:\Users\Rike Volkmann\Desktop\FRST.txt
2015-01-26 15:08 - 2015-01-26 15:09 - 00032269 _____ () C:\Users\Rike Volkmann\Downloads\Addition.txt
2015-01-26 15:07 - 2015-01-27 14:47 - 00016493 _____ () C:\Users\Rike Volkmann\Downloads\FRST.txt
2015-01-26 15:07 - 2015-01-27 14:47 - 00000000 ____D () C:\FRST
2015-01-26 15:06 - 2015-01-26 15:07 - 02129920 _____ (Farbar) C:\Users\Rike Volkmann\Downloads\FRST64.exe
2015-01-26 15:06 - 2015-01-26 15:06 - 01120768 _____ (Farbar) C:\Users\Rike Volkmann\Downloads\FRST.exe
2015-01-26 15:05 - 2015-01-26 15:16 - 00000500 _____ () C:\Users\Rike Volkmann\Downloads\defogger_disable.log
2015-01-26 15:05 - 2015-01-26 15:05 - 00050477 _____ () C:\Users\Rike Volkmann\Downloads\Defogger.exe
2015-01-26 15:05 - 2015-01-26 15:05 - 00000000 _____ () C:\Users\Rike Volkmann\defogger_reenable
2015-01-26 11:21 - 2015-01-26 11:21 - 00001286 _____ () C:\Users\Rike Volkmann\Desktop\Revo Uninstaller.lnk
2015-01-26 11:21 - 2015-01-26 11:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-26 11:20 - 2015-01-26 11:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rike Volkmann\Downloads\revosetup95.exe
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-26 11:16 - 2015-01-26 11:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-25 16:44 - 2015-01-25 16:44 - 00002273 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 16:44 - 2015-01-25 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-25 16:39 - 2015-01-27 14:44 - 00001162 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 16:39 - 2015-01-27 10:17 - 00001158 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 16:39 - 2015-01-25 16:39 - 00004134 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-25 16:39 - 2015-01-25 16:39 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-25 16:38 - 2015-01-25 16:38 - 00880784 _____ (Google Inc.) C:\Users\Rike Volkmann\Downloads\ChromeSetup.exe
2015-01-25 16:25 - 2015-01-26 15:39 - 00000112 _____ () C:\ProgramData\8fAo0362.dat
2015-01-14 12:38 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:38 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:38 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:38 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 12:38 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 12:38 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 12:38 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:38 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 12:38 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 12:38 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 12:38 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 12:38 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 12:38 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 12:38 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 12:38 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 12:38 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 12:38 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 12:38 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 12:38 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 12:38 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 12:38 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 12:38 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 12:38 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 12:38 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 12:38 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 14:11 - 2014-06-24 13:12 - 02032030 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-27 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-27 10:20 - 2014-03-18 11:03 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-27 10:20 - 2014-03-18 10:25 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-27 10:20 - 2014-03-18 10:25 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-27 10:17 - 2014-08-11 15:01 - 00000000 ___RD () C:\Users\Rike Volkmann\Dropbox
2015-01-27 10:17 - 2014-08-11 14:42 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Roaming\Dropbox
2015-01-26 20:56 - 2013-01-12 20:11 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3189138124-3710648530-2942340369-1001
2015-01-26 20:32 - 2014-03-18 02:50 - 00049774 _____ () C:\WINDOWS\PFRO.log
2015-01-26 20:32 - 2013-08-22 15:46 - 00306303 _____ () C:\WINDOWS\setupact.log
2015-01-26 20:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-26 20:31 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-26 20:24 - 2014-08-23 13:06 - 00000000 ____D () C:\Program Files\005
2015-01-26 20:24 - 2014-06-24 13:01 - 00000000 ____D () C:\Users\Rike Volkmann
2015-01-26 16:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-26 15:59 - 2014-08-11 17:24 - 00275968 ___SH () C:\Users\Rike Volkmann\Downloads\Thumbs.db
2015-01-26 11:36 - 2013-01-14 11:31 - 00000000 ____D () C:\ProgramData\Apple
2015-01-25 23:13 - 2014-01-03 19:21 - 00000000 ____D () C:\Users\Rike Volkmann\Documents\FreundeFamilie
2015-01-25 18:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 16:44 - 2013-01-24 18:11 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Local\Google
2015-01-25 16:44 - 2013-01-24 18:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-25 15:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-21 17:20 - 2013-01-12 20:05 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Local\Packages
2015-01-19 22:32 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 17:15 - 2014-10-15 11:01 - 00000000 ____D () C:\Users\Rike Volkmann\Documents\Bluetooth Folder
2015-01-16 08:45 - 2013-07-29 10:53 - 00000000 ____D () C:\Users\Rike Volkmann\Desktop\Uni
2015-01-14 17:16 - 2013-09-04 09:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 17:09 - 2013-01-14 12:45 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 21:01 - 2014-02-17 17:58 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Roaming\Spotify
2015-01-13 15:11 - 2014-02-17 17:58 - 00000000 ____D () C:\Users\Rike Volkmann\AppData\Local\Spotify
2014-12-31 12:14 - 2013-01-14 12:45 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-30 15:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-28 16:29 - 2013-01-12 20:06 - 00000000 ____D () C:\ProgramData\Atheros

==================== Files in the root of some directories =======

2014-11-22 22:29 - 2014-12-09 03:02 - 0004163 _____ () C:\Users\Rike Volkmann\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-12-16 19:39 - 2014-01-20 17:50 - 0004608 _____ () C:\Users\Rike Volkmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 16:25 - 2015-01-26 15:39 - 0000112 _____ () C:\ProgramData\8fAo0362.dat
2012-10-29 20:38 - 2012-10-29 20:38 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-29 20:34 - 2012-10-29 20:35 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-29 20:35 - 2012-10-29 20:36 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-10-29 20:33 - 2012-10-29 20:34 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-29 20:36 - 2012-10-29 20:38 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\ProgramData\8fAo0362.dat


Some content of TEMP:
====================
C:\Users\Rike Volkmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdodiyv.dll
C:\Users\Rike Volkmann\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\nsj8EBF.tmp.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\optprosetup.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rike Volkmann\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 12:16

==================== End Of Log ============================
         
--- --- ---


No problems are showing up right now, I am very satisfied!

Alt 27.01.2015, 20:15   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\ehigjigpolmdglippjafhnpngmaeepkp\207\rU0U0OEKZ.js

C:\Users\Rike Volkmann\AppData\Local\Temp\optprosetup.exe

C:\Users\Rike Volkmann\AppData\Local\Temp\aaccee\aabbcc.exe

C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\GenesisInstaller.exe

C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\OptimizerPro.exe

C:\Windows\Temp\0892CCEA-3029-46F2-BD98-F3177431F5F8n.exe

C:\Windows\Temp\db25.exe

C:\Windows\Temp\aaccee\aabbcc.exe
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners, the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun with safe surfing.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 27.01.2015, 21:36   #9
FV1993
 



One last time! A thousand thanks for the help :-)
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Friederike Volkmann at 2015-01-27 21:29:34 Run:1
Running from C:\Users\Rike Volkmann\Downloads
Loaded Profiles: Friederike Volkmann (Available profiles: Friederike Volkmann)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\ehigjigpolmdglippjafhnpngmaeepkp\207\rU0U0OEKZ.js

C:\Users\Rike Volkmann\AppData\Local\Temp\optprosetup.exe

C:\Users\Rike Volkmann\AppData\Local\Temp\aaccee\aabbcc.exe

C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\GenesisInstaller.exe

C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\OptimizerPro.exe

C:\Windows\Temp\0892CCEA-3029-46F2-BD98-F3177431F5F8n.exe

C:\Windows\Temp\db25.exe

C:\Windows\Temp\aaccee\aabbcc.exe
Emptytemp:
*****************

"C:\Users\Rike Volkmann\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\ehigjigpolmdglippjafhnpngmaeepkp\207\rU0U0OEKZ.js" => File/Directory not found.
C:\Users\Rike Volkmann\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Rike Volkmann\AppData\Local\Temp\aaccee\aabbcc.exe => Moved successfully.
C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\GenesisInstaller.exe => Moved successfully.
C:\Users\Rike Volkmann\AppData\Local\Temp\n4474\OptimizerPro.exe => Moved successfully.
C:\Windows\Temp\0892CCEA-3029-46F2-BD98-F3177431F5F8n.exe => Moved successfully.
C:\Windows\Temp\db25.exe => Moved successfully.
C:\Windows\Temp\aaccee\aabbcc.exe => Moved successfully.
EmptyTemp: => Removed 1.4 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:31:02 ====
         

28.01.2015, 10:40   #10
schrauber
/// the machine
/// TB instructor

You're welcome
