| |
| |||||||
Log-Analyse und Auswertung: Windows 7, Adware eingefangen (Digisaver etc.)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.03.2015, 09:02
| #1 |
 |  Windows 7, Adware eingefangen (Digisaver etc.) Guten Morgen, Meine Frau hat sich beim DL einiges eingefangen, seither ist das surfen sehr unerfreulich (ständige Pop-ups, Banner, Werbetabs). Ich würde mich über fachkundige Unterstützung sehr freuen. Vielen Dank. Hier die Logs.: DEFOGGER defogger_disable by jpshortstuff (23.02.10.1) Log created at 07:55 on 02/03/2015 (Sonja) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015 Ran by Sonja (administrator) on PC on 02-03-2015 08:04:44 Running from C:\Users\Sonja\Desktop Loaded Profiles: UpdatusUser & Sonja (Available profiles: UpdatusUser & Sonja) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe () C:\Program Files (x86)\Lidl_Fotos\dd.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (PC Utilities Software Limited) C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [ZoneAlarm Installer] => "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r config /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-608024502-4260226369-3383888787-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Device Detection] => C:\Program Files (x86)\Lidl_Fotos\dd.exe [860528 2014-11-26] () HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Amazon Music] => C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] () HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\MountPoints2: {4de48eaf-5099-11e4-b39d-dc0ea126daf4} - E:\LaunchU3.exe -a HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\MountPoints2: {922ab83d-3cc3-11e1-9100-806e6f6e6963} - D:\start.exe HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-13] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Die Prinzen Millionar.mp3.lnk ShortcutTarget: Die Prinzen Millionar.mp3.lnk -> C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen Millionar.mp3.exe () Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\die prinzen kssen verboten.lnk ShortcutTarget: die prinzen kssen verboten.lnk -> C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe () Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk ShortcutTarget: OptimizerProInstaller.lnk -> C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe (PC Utilities Software Limited) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21773&r=2015/02/18&hid=9910709190815872974&lg=EN&cc=DE&unqvl=82 SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_cmi_15_08&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtByC0D0A0FyEyDyB0CyBtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1Czut CyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzytBzyzytAtC0EtG0EyDyE0FtGzytB0F0BtGtDyE0C0BtGyE0AtCyByByEtAyE0BtDtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0A0CzyyCz zyEtG0B0ByBtBtGyE0DyD0CtGzzyCyB0FtGtCzyyEyC0AzyyBtByEtDtA0E2Q&cr=1557713063&ir= SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {36622CCB-325B-421B-BB6C-17C608131E27} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {D1B3EBCF-ABF1-4CB2-B438-75B5E741640D} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms} BHO: DealuExpress -> {1e4361b4-a697-4478-a3da-21a5c48d2af8} -> C:\Program Files (x86)\DealuExpress\lKKpUnz2d5pRII.x64.dll () BHO: CouPExtenssiion -> {6c513787-fbff-4851-99af-e19f3ea0d41e} -> C:\Program Files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.x64.dll () BHO-x32: DealuExpress -> {1e4361b4-a697-4478-a3da-21a5c48d2af8} -> C:\Program Files (x86)\DealuExpress\lKKpUnz2d5pRII.dll () BHO-x32: CouPExtenssiion -> {6c513787-fbff-4851-99af-e19f3ea0d41e} -> C:\Program Files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.dll () Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Winsock: Catalog9 01 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine) Winsock: Catalog9 02 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine) Winsock: Catalog9 03 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine) Winsock: Catalog9 04 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine) Winsock: Catalog9 15 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine) Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [363992] (Abengine) Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [363992] (Abengine) Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [363992] (Abengine) Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [363992] (Abengine) Winsock: Catalog9-x64 15 C:\Windows\system32\abengine64.dll [363992] (Abengine) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724 FF DefaultSearchEngine,S: WebSearch FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=21773&r=2015/02/18&hid=9910709190815872974&lg=EN&cc=DE&unqvl=82&l=1&q= FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SelectedSearchEngine: mystartsearch FF SelectedSearchEngine,S: WebSearch FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-608024502-4260226369-3383888787-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-maps.xml FF Extension: DiGiSSaverr - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\jA8B8ktNN@lj.org [2015-02-18] FF Extension: SavveNewaAppz - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\v@Nk.net [2015-02-18] FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-21] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Secure Downloader) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol [2015-02-18] CHR Extension: (FinduBesutDeaal) - C:\ProgramData\kfdklpogcdiepbhfmgklkebjdcnhoojl\ [] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 bujixodo; C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp [132096 2015-02-18] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 dibudyzy; C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs [X] S2 e47f97f2; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemPower\SystemPower.dll",serv S2 HPSLPSVC; C:\Users\Sonja\AppData\Local\Temp\7zS1AA1\hpslpsvc64.dll [X] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2012-10-09] () [File not signed] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia) U3 ugldapow; \??\C:\Users\Sonja\AppData\Local\Temp\ugldapow.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-02 08:01 - 2015-03-02 08:04 - 00036665 _____ () C:\Users\Sonja\Desktop\Addition.txt 2015-03-02 07:59 - 2015-03-02 08:04 - 00025662 _____ () C:\Users\Sonja\Desktop\FRST.txt 2015-03-02 07:58 - 2015-03-02 08:04 - 00000000 ____D () C:\FRST 2015-03-02 07:54 - 2015-03-02 07:55 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log 2015-03-02 07:54 - 2015-03-02 07:54 - 00000000 _____ () C:\Users\Sonja\defogger_reenable 2015-03-02 07:49 - 2015-03-02 07:49 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe 2015-03-02 07:46 - 2015-03-02 07:46 - 02092544 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe 2015-03-02 07:39 - 2015-03-02 07:39 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe 2015-02-25 21:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 21:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-20 08:01 - 2015-02-20 08:01 - 00840312 _____ (App Web ) C:\Users\Sonja\Downloads\adobe_flash_setup.exe 2015-02-18 22:13 - 2015-02-18 22:13 - 00000002 _____ () C:\END 2015-02-18 22:13 - 2015-02-06 02:05 - 00318608 _____ (Abengine) C:\Windows\SysWOW64\abengine.dll 2015-02-18 22:12 - 2015-02-06 02:05 - 00363992 _____ (Abengine) C:\Windows\system32\abengine64.dll 2015-02-18 20:38 - 2015-02-18 20:38 - 00000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG 2015-02-18 20:37 - 2015-02-27 09:22 - 00000000 ____D () C:\ProgramData\e49f0d02000023f9 2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\ProgramData\kfdklpogcdiepbhfmgklkebjdcnhoojl 2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\Secure Downloader 2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\SavveNewaAppz 2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\FinduBesutDeaal 2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\DiGiSSaverr 2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\DealuExpress 2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\CouPExtenssiion 2015-02-18 20:06 - 2015-02-18 20:06 - 00003140 _____ () C:\Windows\System32\Tasks\{8F3DEAAE-1ECC-4362-B02C-A4F771F9C2C7} 2015-02-18 19:41 - 2015-02-18 19:41 - 00613057 _____ (CMI Limited) C:\Users\Sonja\AppData\Local\nsk1212.tmp 2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Roaming\AnyProtectEx 2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieUserList 2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieSiteList 2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieBrowserModeList 2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 ____D () C:\Windows\SysWOW64\Flash 2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx 2015-02-18 19:39 - 2015-02-18 19:39 - 00000000 ____D () C:\Users\Sonja\Documents\Optimizer Pro 2015-02-18 19:38 - 2015-02-18 21:32 - 00000000 ____D () C:\Users\Sonja\AppData\Local\SmartWeb 2015-02-18 19:33 - 2015-02-18 19:49 - 00000000 ____D () C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4} 2015-02-18 19:31 - 2015-02-18 19:31 - 00000000 ____D () C:\shoplog 2015-02-18 19:25 - 2015-02-18 19:25 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4 2015-02-18 19:24 - 2015-02-18 19:24 - 00000000 ____D () C:\Program Files (x86)\predm 2015-02-18 19:10 - 2015-02-18 19:29 - 00000000 ____D () C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933} 2015-02-18 19:01 - 2015-02-18 19:01 - 00003088 _____ () C:\Windows\System32\Tasks\zufap3002 2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC 2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\Program Files (x86)\download Manager 2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\Program Files (x86)\clean2PC 2015-02-18 18:59 - 2015-03-02 07:28 - 00001336 _____ () C:\Windows\Tasks\IVFLS.job 2015-02-18 18:59 - 2015-03-02 06:38 - 00001330 _____ () C:\Windows\Tasks\SX.job 2015-02-18 18:59 - 2015-02-18 21:32 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2015-02-18 18:59 - 2015-02-18 18:59 - 00004350 _____ () C:\Windows\System32\Tasks\IVFLS 2015-02-18 18:59 - 2015-02-18 18:59 - 00004344 _____ () C:\Windows\System32\Tasks\SX 2015-02-18 18:59 - 2015-02-18 18:59 - 00000000 ____D () C:\Users\Sonja\AppData\Local\globalUpdate 2015-02-18 18:56 - 2015-02-18 18:56 - 00000000 ____D () C:\Program Files (x86)\UNiDeals i 2015-02-18 18:56 - 2015-02-18 18:56 - 00000000 ____D () C:\Program Files (x86)\Chrome Notepad 2015-02-18 18:55 - 2015-02-18 20:23 - 00000000 ____D () C:\ProgramData\14550590384833052901 2015-02-18 18:55 - 2015-02-18 19:29 - 00000000 ____D () C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74} 2015-02-18 18:55 - 2015-02-18 18:55 - 00000000 ____D () C:\Program Files (x86)\UniDeealusi 2015-02-18 18:54 - 2015-02-18 18:54 - 00000000 ____D () C:\ProgramData\{2048d42c-81cc-fdba-2048-8d42c81c50b2} 2015-02-18 18:22 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-18 18:22 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-18 18:22 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-18 18:22 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-12 19:32 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 19:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 19:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 19:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 19:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 19:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 19:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 19:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 19:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 19:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 19:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 19:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 19:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 19:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 19:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 19:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 19:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 19:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 19:43 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 19:42 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 19:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 19:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 19:42 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 19:42 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 19:42 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 19:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 19:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 19:42 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 19:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 19:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 19:42 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 19:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 19:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 19:42 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 19:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 19:42 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 19:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 19:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 19:42 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 19:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 19:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 19:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 19:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 19:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 19:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 19:42 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 19:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 19:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 19:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 19:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 19:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 19:42 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 19:42 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 19:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 19:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 19:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 19:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 19:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 19:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 19:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 19:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 19:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 19:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 19:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 19:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 19:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 19:42 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 19:42 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 19:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 19:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 19:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 19:41 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 19:41 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 19:41 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 19:41 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 19:41 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 19:41 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 19:41 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 19:41 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 19:41 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 19:41 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 19:41 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 19:41 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 19:41 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 19:41 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 19:41 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 19:41 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 19:41 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 19:41 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 19:41 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 19:41 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 19:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 19:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 19:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 19:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 19:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 19:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 19:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 19:40 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 19:40 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 19:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 19:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 19:40 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 19:40 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-02 07:54 - 2012-06-20 20:21 - 00000000 ____D () C:\Users\Sonja 2015-03-02 07:49 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-02 07:49 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-02 07:44 - 2012-01-12 03:20 - 01677378 _____ () C:\Windows\WindowsUpdate.log 2015-03-02 07:35 - 2014-11-27 18:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-02 07:35 - 2014-09-10 20:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-02 07:29 - 2013-11-30 08:49 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job 2015-03-01 18:35 - 2014-09-10 20:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-01 09:41 - 2013-02-01 09:32 - 00000000 ____D () C:\NotenBox 7 2015-02-28 15:30 - 2013-03-10 08:25 - 00000000 ___RD () C:\Users\Sonja\Dropbox 2015-02-28 15:26 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Dropbox 2015-02-28 15:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-28 15:23 - 2009-07-14 05:51 - 00139465 _____ () C:\Windows\setupact.log 2015-02-26 18:40 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-20 18:36 - 2012-01-12 12:12 - 00700118 _____ () C:\Windows\system32\perfh007.dat 2015-02-20 18:36 - 2012-01-12 12:12 - 00149968 _____ () C:\Windows\system32\perfc007.dat 2015-02-20 18:36 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-20 07:51 - 2010-11-21 04:47 - 00454632 _____ () C:\Windows\PFRO.log 2015-02-19 22:07 - 2014-09-03 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-19 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA 2015-02-18 22:10 - 2011-10-14 04:42 - 00000000 ____D () C:\Windows\ca 2015-02-18 20:11 - 2012-06-20 20:39 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-18 20:11 - 2012-06-20 20:39 - 00001039 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-18 20:11 - 2012-06-20 20:24 - 00001425 _____ () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-18 19:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-18 19:38 - 2012-10-15 08:21 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Adobe 2015-02-18 19:11 - 2012-07-10 19:37 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc 2015-02-15 20:32 - 2012-10-09 10:50 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Skype 2015-02-13 19:33 - 2014-01-10 18:25 - 00001768 _____ () C:\Windows\wininit.ini 2015-02-13 19:33 - 2013-03-10 08:25 - 00001015 _____ () C:\Users\Sonja\Desktop\Dropbox.lnk 2015-02-13 19:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-11 21:25 - 2009-07-14 05:45 - 00312256 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-11 20:19 - 2013-11-23 21:17 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-02-11 20:18 - 2013-11-23 21:17 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-02-11 20:18 - 2013-08-14 08:22 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 20:12 - 2012-07-03 18:37 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-06 18:30 - 2014-09-10 20:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 18:30 - 2014-09-10 20:43 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 18:35 - 2014-11-27 18:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 18:35 - 2014-11-27 18:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 18:35 - 2014-11-27 18:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-03 18:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-02-03 10:29 - 2012-07-03 19:31 - 00000000 ____D () C:\Users\Sonja\Documents\Schule ==================== Files in the root of some directories ======= 2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Sonja\AppData\Roaming\IVFLS 2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Sonja\AppData\Roaming\SX 2015-02-18 20:38 - 2015-02-18 20:38 - 0000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG 2015-02-18 19:41 - 2015-02-18 19:41 - 0613057 _____ (CMI Limited) C:\Users\Sonja\AppData\Local\nsk1212.tmp 2013-04-02 09:54 - 2013-04-02 09:54 - 0000057 _____ () C:\ProgramData\Ament.ini 2012-01-12 03:47 - 2012-01-12 03:49 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log 2012-08-03 21:19 - 2012-08-03 21:20 - 0000317 _____ () C:\ProgramData\hpzinstall.log 2014-06-09 18:47 - 2014-06-09 18:50 - 0000032 _____ () C:\ProgramData\PS.log Some content of TEMP: ==================== C:\Users\Sonja\AppData\Local\Temp\0502B502-151A-7CB0-2E62-422D93C0AAE8.exe C:\Users\Sonja\AppData\Local\Temp\37B0.exe C:\Users\Sonja\AppData\Local\Temp\6D18.exe C:\Users\Sonja\AppData\Local\Temp\C08.exe C:\Users\Sonja\AppData\Local\Temp\Checkupdate.exe C:\Users\Sonja\AppData\Local\Temp\die prinzen deutschland__10924_i1469660184_il683626.exe C:\Users\Sonja\AppData\Local\Temp\DivXSetup.exe C:\Users\Sonja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgk75zr.dll C:\Users\Sonja\AppData\Local\Temp\F782B5A2-71B2-89A6-14AD-F38D7E753104.dll C:\Users\Sonja\AppData\Local\Temp\F782B5A2-71B2-89A6-14AD-F38D7E753104.exe C:\Users\Sonja\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Sonja\AppData\Local\Temp\Foxit Updater.exe C:\Users\Sonja\AppData\Local\Temp\gcapi_dll.dll C:\Users\Sonja\AppData\Local\Temp\gtapi_signed.dll C:\Users\Sonja\AppData\Local\Temp\optprosetup.exe C:\Users\Sonja\AppData\Local\Temp\setup.exe C:\Users\Sonja\AppData\Local\Temp\SkypeSetup.exe C:\Users\Sonja\AppData\Local\Temp\SpOrder.dll C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLitedce95dfc-47ca-4223-9f86-8a98ca3de56d.dll C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.3-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-11 16:28 ==================== End Of Log ============================ ADDITION aAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015 Ran by Sonja at 2015-03-02 08:05:14 Running from C:\Users\Sonja\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002402558.48.56.35851634 - Audible, Inc.) AWIN NotenBox 7 (HKLM-x32\...\NotenBox7_is1) (Version: 7 - AWIN Software) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation) Chrome Notepad (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: - Trusted Software) <==== ATTENTION Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.16432 - HP) HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 5520 series Hilfe (HKLM-x32\...\{640A03B3-4E6B-4440-A350-E6A8D6348F12}) (Version: 27.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version: - ) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.) Secunia PSI (3.0.0.9015) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated) TrueType-Font Klee 1.0 (HKLM-x32\...\{17350614-D988-4250-A77A-445361799829}_is1) (Version: 1.0 - Schroedel) UNiDeals i (HKLM-x32\...\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}) (Version: - ) <==== ATTENTION VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 03-02-2015 10:01:13 Windows Update 06-02-2015 18:37:31 Windows Update 09-02-2015 20:25:21 Windows Update 11-02-2015 20:09:23 Windows Update 13-02-2015 08:31:29 Windows Update 16-02-2015 19:31:24 Windows Update 18-02-2015 19:42:15 Windows Update 22-02-2015 08:20:52 Windows Update 25-02-2015 20:30:45 Windows Update 25-02-2015 21:05:24 Windows Update 01-03-2015 09:56:15 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {195A5721-6A23-4CE0-8113-9878DD75A4A0} - System32\Tasks\{407D971C-04EC-456A-BCC4-881D1C970198} => pcalua.exe -a C:\Users\Sonja\Downloads\epson325180eu.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {5742E6FE-5CC1-4C0F-9402-56BB2A58E5C2} - System32\Tasks\IVFLS => C:\Users\Sonja\AppData\Roaming\IVFLS.exe <==== ATTENTION Task: {58CEF53C-7FCA-41D0-8E2C-021BE8885ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {63E62CCB-BADF-4BC6-AB5A-4708FCEBF699} - \ProgramUpdateCheck No Task File <==== ATTENTION Task: {6451398E-B85E-4FDC-BB8D-1EB1C4EEA9E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.) Task: {980ADF53-B406-4D41-8CB5-2603E7881D2A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {A34191F8-4E11-4817-98A5-91CBC33333A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.) Task: {A91987FC-C65E-498E-BB84-210A453E2942} - System32\Tasks\zufap3002 => C:\PROGRA~2\TabNav\zufap3002.exe Task: {C2BA7755-19CB-4322-B7CA-266626AB8E6D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {CDCFD08D-4211-4E9D-AEF4-CAEB4101F5BA} - System32\Tasks\{636BF6D6-54F3-4F1D-BA55-DA06D9D27D78} => pcalua.exe -a "C:\Users\Sonja\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {D391597B-F761-43B1-93DF-15F76CD3BDAA} - System32\Tasks\{8F3DEAAE-1ECC-4362-B02C-A4F771F9C2C7} => pcalua.exe -a C:\Users\Sonja\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=fun Task: {D8ECF086-9117-499E-8648-7B59F207D22C} - System32\Tasks\SX => C:\Users\Sonja\AppData\Roaming\SX.exe <==== ATTENTION Task: {DC71D38E-FD1D-4064-913E-BED58D441B56} - System32\Tasks\{1FB4DF18-0C49-4EEB-A899-7B7C7E8EE1C7} => pcalua.exe -a C:\Users\Sonja\Downloads\epson325180eu(1).exe -d C:\Users\Sonja\Downloads Task: {EAB27FFA-A3EE-4BAF-B6D5-616B2D83C1A9} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-12-05] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe Task: C:\Windows\Tasks\IVFLS.job => C:\Users\Sonja\AppData\Roaming\IVFLS.exe <==== ATTENTION Task: C:\Windows\Tasks\SX.job => C:\Users\Sonja\AppData\Roaming\SX.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2012-01-12 03:27 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-02-18 19:25 - 2015-02-18 19:25 - 00132096 _____ () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp 2015-02-18 19:25 - 2015-02-18 19:25 - 00223744 _____ () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs 2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-12-03 13:42 - 2014-11-26 15:14 - 00860528 _____ () C:\Program Files (x86)\Lidl_Fotos\dd.exe 2014-09-27 19:43 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe 2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2014-10-16 20:20 - 2014-10-16 20:20 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll 2011-10-14 04:15 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-01-26 18:37 - 2015-01-26 18:38 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2015-02-05 18:35 - 2015-02-05 18:35 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-608024502-4260226369-3383888787-500 - Administrator - Disabled) Gast (S-1-5-21-608024502-4260226369-3383888787-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-608024502-4260226369-3383888787-1003 - Limited - Enabled) Sonja (S-1-5-21-608024502-4260226369-3383888787-1001 - Administrator - Enabled) => C:\Users\Sonja UpdatusUser (S-1-5-21-608024502-4260226369-3383888787-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/28/2015 03:25:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2015 06:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2015 09:19:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2015 08:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2015 06:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 08:55:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 08:54:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 08:43:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 08:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 06:38:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (02/28/2015 03:35:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (02/28/2015 03:34:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (02/28/2015 03:31:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Error: (02/28/2015 03:27:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (02/28/2015 03:25:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv06 Error: (02/28/2015 03:24:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/28/2015 03:24:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SystemPower erreicht. Error: (02/27/2015 06:59:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (02/27/2015 06:59:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (02/27/2015 06:56:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (02/28/2015 03:25:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2015 06:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2015 09:19:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2015 08:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2015 06:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 08:55:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 08:54:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 08:43:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 08:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/25/2015 06:38:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2015-02-28 15:22:43.983 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-28 15:22:43.890 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-27 18:47:12.253 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-27 18:47:12.160 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-27 09:17:07.191 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-27 09:17:07.097 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-27 08:54:04.612 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-27 08:54:04.534 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-26 18:40:05.426 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-26 18:40:05.364 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Percentage of memory in use: 50% Total physical RAM: 3947.86 MB Available physical RAM: 1947.72 MB Total Pagefile: 7893.91 MB Available Pagefile: 5556.13 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:45.92 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 554FC5C8) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS) ==================== End Of Log ============================ GMER GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-03-02 08:49:50 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\ugldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2856] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 00000000774c0880 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe[3016] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 0000000100778f20 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2824] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 0000000102048f20 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3124] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 00000001035f8f20 .text C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe[3264] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 0000000100928f20 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5872] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 0000000100c78f20 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe[5880] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 00000000774c0880 14 bytes {JMP QWORD [RIP+0x0]} ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\services.exe [832:4736] 0000000000a8ef60 Thread C:\Windows\system32\services.exe [832:4204] 0000000000a8ef60 Thread C:\Windows\system32\services.exe [832:4856] 0000000000a8ef60 Thread C:\Windows\system32\services.exe [832:4860] 0000000000a8ef60 Thread C:\Windows\system32\svchost.exe [344:460] 000000000025ef60 Thread C:\Windows\system32\svchost.exe [344:504] 000000000025ef60 Thread C:\Windows\system32\svchost.exe [344:496] 000000000025ef60 Thread C:\Windows\system32\svchost.exe [344:508] 000000000025ef60 Thread c:\Program Files\Microsoft Security Client\MsMpEng.exe [568:5376] 000000000c3fef60 Thread c:\Program Files\Microsoft Security Client\MsMpEng.exe [568:3064] 000000000c3fef60 Thread c:\Program Files\Microsoft Security Client\MsMpEng.exe [568:5300] 000000000c3fef60 Thread c:\Program Files\Microsoft Security Client\MsMpEng.exe [568:2788] 000000000c3fef60 Thread C:\Windows\system32\svchost.exe [904:1408] 000000000101ef60 Thread C:\Windows\system32\svchost.exe [904:1412] 000000000101ef60 Thread C:\Windows\system32\svchost.exe [904:1416] 000000000101ef60 Thread C:\Windows\system32\svchost.exe [904:1420] 000000000101ef60 Thread C:\Windows\System32\spoolsv.exe [1436:1824] 0000000001d0ef60 Thread C:\Windows\System32\spoolsv.exe [1436:1828] 0000000001d0ef60 Thread C:\Windows\System32\spoolsv.exe [1436:1832] 0000000001d0ef60 Thread C:\Windows\System32\spoolsv.exe [1436:1836] 0000000001d0ef60 Thread C:\Windows\system32\svchost.exe [1488:1680] 000000000127ef60 Thread C:\Windows\system32\svchost.exe [1488:1684] 000000000127ef60 Thread C:\Windows\system32\svchost.exe [1488:1688] 000000000127ef60 Thread C:\Windows\system32\svchost.exe [1488:1692] 000000000127ef60 Thread C:\Windows\Explorer.EXE [1892:7768] 00000000046bef60 Thread C:\Windows\Explorer.EXE [1892:2960] 00000000046bef60 Thread C:\Windows\Explorer.EXE [1892:4668] 00000000046bef60 Thread C:\Windows\Explorer.EXE [1892:8716] 00000000046bef60 Thread C:\Windows\Explorer.EXE [1892:6604] 00000000046de310 Thread C:\Windows\Explorer.EXE [1892:8860] 00000000046de310 Thread C:\Windows\system32\svchost.exe [5744:5840] 000000000059ef60 Thread C:\Windows\system32\svchost.exe [5744:5844] 000000000059ef60 Thread C:\Windows\system32\svchost.exe [5744:5848] 000000000059ef60 Thread C:\Windows\system32\svchost.exe [5744:5852] 000000000059ef60 Thread C:\Windows\System32\svchost.exe [1384:5724] 000000000065ef60 Thread C:\Windows\System32\svchost.exe [1384:5700] 000000000065ef60 Thread C:\Windows\System32\svchost.exe [1384:5696] 000000000065ef60 Thread C:\Windows\System32\svchost.exe [1384:5792] 000000000065ef60 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:1880] 000000000102ef60 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:5540] 000000000102ef60 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:5592] 000000000102ef60 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:796] 000000000102ef60 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:5560] 000000000104e310 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:6092] 000000000104e310 ---- Processes - GMER 2.1 ---- Process C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp (*** suspicious ***) @ C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp [2012](2015-02-18 18:25:40) 0000000000aa0000 Process C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs (*** suspicious ***) @ C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs [2164](2015-02-18 18:25:27) 00000000008e0000 ---- EOF - GMER 2.1 ---- Im Taskmanager habe ich kürzlich zwei Prozesse gesehen, die da nicht hingehören (die heißen wie zwei Songs von den Prinzen), da hat sich meine Frau wohl ihre "Infektion" abgeholt... Vielen Dank für Eure Zeit. Fanou |
|
02.03.2015, 09:10
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7, Adware eingefangen (Digisaver etc.) hi,
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
03.03.2015, 22:25
| #3 |
| | Windows 7, Adware eingefangen (Digisaver etc.) Guten Abend,
__________________Vielen Dank, schrauber, für die schnelle Antwort. Ich habe mir die Tools heruntergeladen, der MB-Scan läuft gerade. Danke auch für den Code:
ATTFilter Hinweis
Logfiles kommen asap. Hier das MBAR-LOG, TDSS mach ich gleich: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.03.03.06
rootkit: v2015.02.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Sonja :: PC [administrator]
03.03.2015 22:18:00
mbar-log-2015-03-03 (22-18-00).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 395341
Time elapsed: 43 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 23:17:13.0231 0x0f5c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:17:20.0481 0x0f5c ============================================================
23:17:20.0481 0x0f5c Current date / time: 2015/03/03 23:17:20.0481
23:17:20.0481 0x0f5c SystemInfo:
23:17:20.0481 0x0f5c
23:17:20.0481 0x0f5c OS Version: 6.1.7601 ServicePack: 1.0
23:17:20.0481 0x0f5c Product type: Workstation
23:17:20.0481 0x0f5c ComputerName: PC
23:17:20.0481 0x0f5c UserName: Sonja
23:17:20.0481 0x0f5c Windows directory: C:\Windows
23:17:20.0481 0x0f5c System windows directory: C:\Windows
23:17:20.0481 0x0f5c Running under WOW64
23:17:20.0481 0x0f5c Processor architecture: Intel x64
23:17:20.0481 0x0f5c Number of processors: 4
23:17:20.0481 0x0f5c Page size: 0x1000
23:17:20.0481 0x0f5c Boot type: Normal boot
23:17:20.0481 0x0f5c ============================================================
23:17:20.0801 0x0f5c KLMD registered as C:\Windows\system32\drivers\52590260.sys
23:17:21.0911 0x0f5c System UUID: {0DA0F262-08EE-2711-F97B-1C91E59548AD}
23:17:22.0821 0x0f5c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:17:22.0821 0x0f5c ============================================================
23:17:22.0821 0x0f5c \Device\Harddisk0\DR0:
23:17:22.0821 0x0f5c MBR partitions:
23:17:22.0821 0x0f5c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
23:17:22.0821 0x0f5c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x22FFB800
23:17:22.0821 0x0f5c ============================================================
23:17:22.0931 0x0f5c C: <-> \Device\Harddisk0\DR0\Partition2
23:17:22.0931 0x0f5c ============================================================
23:17:22.0931 0x0f5c Initialize success
23:17:22.0931 0x0f5c ============================================================
23:18:27.0751 0x14a0 ============================================================
23:18:27.0751 0x14a0 Scan started
23:18:27.0751 0x14a0 Mode: Manual; SigCheck; TDLFS;
23:18:27.0751 0x14a0 ============================================================
23:18:27.0751 0x14a0 KSN ping started
23:18:42.0171 0x14a0 KSN ping finished: true
23:18:43.0101 0x14a0 ================ Scan system memory ========================
23:18:43.0101 0x14a0 System memory - ok
23:18:43.0101 0x14a0 ================ Scan services =============================
23:18:43.0331 0x14a0 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:18:43.0501 0x14a0 1394ohci - ok
23:18:43.0641 0x14a0 [ C8030D922511A926D0AA06B78C4B87A9, 6D093CE1F43249839D4A2C3D832A57A8358203F6F6BA9349AB1E7806701A9E1D ] acedrv06 C:\Windows\system32\drivers\acedrv06.sys
23:18:43.0691 0x14a0 acedrv06 - detected UnsignedFile.Multi.Generic ( 1 )
23:18:46.0061 0x14a0 Detect skipped due to KSN trusted
23:18:46.0061 0x14a0 acedrv06 - ok
23:18:46.0141 0x14a0 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:18:46.0161 0x14a0 ACPI - ok
23:18:46.0261 0x14a0 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:18:46.0341 0x14a0 AcpiPmi - ok
23:18:46.0641 0x14a0 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:18:46.0651 0x14a0 AdobeARMservice - ok
23:18:46.0901 0x14a0 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:18:46.0921 0x14a0 AdobeFlashPlayerUpdateSvc - ok
23:18:47.0021 0x14a0 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:18:47.0051 0x14a0 adp94xx - ok
23:18:47.0111 0x14a0 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:18:47.0131 0x14a0 adpahci - ok
23:18:47.0141 0x14a0 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:18:47.0161 0x14a0 adpu320 - ok
23:18:47.0191 0x14a0 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:18:47.0321 0x14a0 AeLookupSvc - ok
23:18:47.0431 0x14a0 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
23:18:47.0491 0x14a0 AFD - ok
23:18:47.0561 0x14a0 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
23:18:47.0571 0x14a0 agp440 - ok
23:18:47.0591 0x14a0 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
23:18:47.0671 0x14a0 ALG - ok
23:18:47.0741 0x14a0 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
23:18:47.0751 0x14a0 aliide - ok
23:18:47.0801 0x14a0 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
23:18:47.0811 0x14a0 amdide - ok
23:18:47.0841 0x14a0 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:18:47.0881 0x14a0 AmdK8 - ok
23:18:47.0881 0x14a0 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:18:47.0901 0x14a0 AmdPPM - ok
23:18:47.0931 0x14a0 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:18:47.0941 0x14a0 amdsata - ok
23:18:47.0961 0x14a0 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:18:47.0981 0x14a0 amdsbs - ok
23:18:48.0011 0x14a0 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:18:48.0021 0x14a0 amdxata - ok
23:18:48.0101 0x14a0 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\Windows\system32\drivers\appid.sys
23:18:48.0151 0x14a0 AppID - ok
23:18:48.0171 0x14a0 [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:18:48.0201 0x14a0 AppIDSvc - ok
23:18:48.0271 0x14a0 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
23:18:48.0331 0x14a0 Appinfo - ok
23:18:48.0351 0x14a0 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
23:18:48.0361 0x14a0 arc - ok
23:18:48.0371 0x14a0 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:18:48.0381 0x14a0 arcsas - ok
23:18:48.0571 0x14a0 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:18:48.0591 0x14a0 aspnet_state - ok
23:18:48.0641 0x14a0 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:18:48.0711 0x14a0 AsyncMac - ok
23:18:48.0781 0x14a0 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
23:18:48.0801 0x14a0 atapi - ok
23:18:48.0961 0x14a0 [ 956BC6EB96AA09478BD897AF8DF55A62, 07221CE77A08BF44AEEC5B65BD9991920853DD69592FFEAF86A63B70DB988796 ] athr C:\Windows\system32\DRIVERS\athrx.sys
23:18:49.0151 0x14a0 athr - ok
23:18:49.0241 0x14a0 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:18:49.0341 0x14a0 AudioEndpointBuilder - ok
23:18:49.0361 0x14a0 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:18:49.0391 0x14a0 AudioSrv - ok
23:18:49.0461 0x14a0 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:18:49.0561 0x14a0 AxInstSV - ok
23:18:49.0661 0x14a0 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:18:49.0721 0x14a0 b06bdrv - ok
23:18:49.0801 0x14a0 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:18:49.0841 0x14a0 b57nd60a - ok
23:18:49.0921 0x14a0 [ A424CB46A145E5AABF15621550976DF2, B6CA183FD5ED72237D2DC1F599FD04A066C06A717A2CF63AF08D3AA0A227D7BA ] b57xdbd C:\Windows\system32\DRIVERS\b57xdbd.sys
23:18:49.0931 0x14a0 b57xdbd - ok
23:18:50.0011 0x14a0 [ BE4E6FD5A898812B85D5817AD9754A9F, 46A7C80283BE53F43A0D73DA3338461024DD002A7CF43660F9C7D640E0C72876 ] b57xdmp C:\Windows\system32\DRIVERS\b57xdmp.sys
23:18:50.0021 0x14a0 b57xdmp - ok
23:18:50.0091 0x14a0 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
23:18:50.0151 0x14a0 BDESVC - ok
23:18:50.0161 0x14a0 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
23:18:50.0221 0x14a0 Beep - ok
23:18:50.0301 0x14a0 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
23:18:50.0391 0x14a0 BFE - ok
23:18:50.0441 0x14a0 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
23:18:50.0631 0x14a0 BITS - ok
23:18:50.0691 0x14a0 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
23:18:50.0731 0x14a0 blbdrive - ok
23:18:50.0801 0x14a0 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:18:50.0821 0x14a0 bowser - ok
23:18:50.0871 0x14a0 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:18:50.0911 0x14a0 BrFiltLo - ok
23:18:50.0921 0x14a0 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:18:50.0941 0x14a0 BrFiltUp - ok
23:18:50.0981 0x14a0 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
23:18:51.0031 0x14a0 Browser - ok
23:18:51.0061 0x14a0 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:18:51.0121 0x14a0 Brserid - ok
23:18:51.0131 0x14a0 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:18:51.0161 0x14a0 BrSerWdm - ok
23:18:51.0171 0x14a0 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:18:51.0191 0x14a0 BrUsbMdm - ok
23:18:51.0201 0x14a0 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:18:51.0211 0x14a0 BrUsbSer - ok
23:18:51.0291 0x14a0 [ 0970D8B7151E9113BF8D44CE2E954DF7, D467DFFA1668F3BE29620154A13867568C25211ED823BE6A220D2DEE7E3A1278 ] bScsiMSa C:\Windows\system32\DRIVERS\bScsiMSa.sys
23:18:51.0301 0x14a0 bScsiMSa - ok
23:18:51.0391 0x14a0 [ 0C1EEE5AF32402D306874B110DE237EC, B0FE0F3B6A1E2C003E6F4B6330601C43126881262B328D7DD93AC2C0B714DC86 ] bScsiSDa C:\Windows\system32\DRIVERS\bScsiSDa.sys
23:18:51.0401 0x14a0 bScsiSDa - ok
23:18:51.0431 0x14a0 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:18:51.0471 0x14a0 BTHMODEM - ok
23:18:51.0541 0x14a0 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
23:18:51.0601 0x14a0 bthserv - ok
23:18:51.0881 0x14a0 [ 9AB06ED83F55D6918D6118ED75E0BC13, 3718BCF333BA7EBA4773971C73047B39A52C2E15B5873ED102C79DE17A0ACE01 ] bujixodo C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp
23:18:51.0891 0x14a0 bujixodo - detected UnsignedFile.Multi.Generic ( 1 )
23:18:54.0381 0x14a0 Detect turned to UDS exact due to KSN untrusted
23:18:54.0481 0x14a0 bujixodo ( UDS:DangerousObject.Multi.Generic ) - infected
23:18:54.0481 0x14a0 Force sending object to P2P due to detect: bujixodo
23:18:56.0981 0x14a0 Object send P2P result: true
23:18:59.0591 0x14a0 [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
23:18:59.0651 0x14a0 c2cautoupdatesvc - ok
23:18:59.0781 0x14a0 [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
23:18:59.0851 0x14a0 c2cpnrsvc - ok
23:18:59.0901 0x14a0 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:18:59.0961 0x14a0 cdfs - ok
23:19:00.0021 0x14a0 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:19:00.0061 0x14a0 cdrom - ok
23:19:00.0121 0x14a0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
23:19:00.0161 0x14a0 CertPropSvc - ok
23:19:00.0221 0x14a0 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
23:19:00.0251 0x14a0 circlass - ok
23:19:00.0291 0x14a0 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
23:19:00.0311 0x14a0 CLFS - ok
23:19:00.0381 0x14a0 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:19:00.0391 0x14a0 clr_optimization_v2.0.50727_32 - ok
23:19:00.0431 0x14a0 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:19:00.0441 0x14a0 clr_optimization_v2.0.50727_64 - ok
23:19:00.0581 0x14a0 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:19:00.0591 0x14a0 clr_optimization_v4.0.30319_32 - ok
23:19:00.0651 0x14a0 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:19:00.0681 0x14a0 clr_optimization_v4.0.30319_64 - ok
23:19:00.0741 0x14a0 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
23:19:00.0771 0x14a0 CmBatt - ok
23:19:00.0811 0x14a0 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:19:00.0821 0x14a0 cmdide - ok
23:19:00.0881 0x14a0 [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG C:\Windows\system32\Drivers\cng.sys
23:19:00.0951 0x14a0 CNG - ok
23:19:01.0031 0x14a0 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:19:01.0041 0x14a0 Compbatt - ok
23:19:01.0101 0x14a0 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:19:01.0141 0x14a0 CompositeBus - ok
23:19:01.0171 0x14a0 COMSysApp - ok
23:19:01.0201 0x14a0 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:19:01.0211 0x14a0 crcdisk - ok
23:19:01.0261 0x14a0 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:19:01.0311 0x14a0 CryptSvc - ok
23:19:01.0521 0x14a0 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:19:01.0551 0x14a0 cvhsvc - ok
23:19:01.0601 0x14a0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:19:01.0691 0x14a0 DcomLaunch - ok
23:19:01.0741 0x14a0 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
23:19:01.0801 0x14a0 defragsvc - ok
23:19:01.0871 0x14a0 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:19:01.0921 0x14a0 DfsC - ok
23:19:02.0031 0x14a0 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:19:02.0131 0x14a0 Dhcp - ok
23:19:02.0261 0x14a0 [ D6EDA3363C9C9D2CE5753FE104C5C24E, 0209735581858E583EDB1F94ED154C4519ACF740FD8CF2D1FFE9C20E5089683C ] dibudyzy C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs
23:19:02.0291 0x14a0 dibudyzy - detected UnsignedFile.Multi.Generic ( 1 )
23:19:04.0981 0x14a0 dibudyzy ( UnsignedFile.Multi.Generic ) - warning
23:19:07.0361 0x14a0 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
23:19:07.0411 0x14a0 discache - ok
23:19:07.0501 0x14a0 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
23:19:07.0511 0x14a0 Disk - ok
23:19:07.0601 0x14a0 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:19:07.0621 0x14a0 Dnscache - ok
23:19:07.0651 0x14a0 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
23:19:07.0731 0x14a0 dot3svc - ok
23:19:07.0781 0x14a0 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
23:19:07.0821 0x14a0 DPS - ok
23:19:07.0921 0x14a0 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:19:07.0951 0x14a0 drmkaud - ok
23:19:08.0101 0x14a0 [ 9DD3A22F804697606C2B7FF9E912FF6B, BBE2FC0D554030BA9E3A96CC4A360D61DBCCAA1D81BD7547809F29A3AF0B3A25 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
23:19:08.0121 0x14a0 DsiWMIService - ok
23:19:08.0201 0x14a0 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:19:08.0271 0x14a0 DXGKrnl - ok
23:19:08.0341 0x14a0 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] e47f97f2 C:\Windows\system32\rundll32.exe
23:19:08.0371 0x14a0 e47f97f2 - ok
23:19:08.0451 0x14a0 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
23:19:08.0511 0x14a0 EapHost - ok
23:19:08.0661 0x14a0 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:19:08.0811 0x14a0 ebdrv - ok
23:19:08.0861 0x14a0 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS C:\Windows\System32\lsass.exe
23:19:08.0891 0x14a0 EFS - ok
23:19:08.0971 0x14a0 [ 5332EC2BA1C112BD4BB1F38127848FEF, 156585CE4011546B20EDD20D04E639A0788B1DE6455B23B94E2CD31BA725FE3C ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
23:19:08.0981 0x14a0 EgisTec Ticket Service - ok
23:19:09.0081 0x14a0 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:19:09.0181 0x14a0 ehRecvr - ok
23:19:09.0241 0x14a0 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
23:19:09.0271 0x14a0 ehSched - ok
23:19:09.0351 0x14a0 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:19:09.0381 0x14a0 elxstor - ok
23:19:09.0511 0x14a0 [ 48425C93B6F36529707206E4FA680CF3, 328BD59DEDFAD359EF79CCFBC2AD3E9C95657EC616AE0611F5EFEB34B810692A ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
23:19:09.0541 0x14a0 ePowerSvc - ok
23:19:09.0551 0x14a0 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:19:09.0581 0x14a0 ErrDev - ok
23:19:09.0671 0x14a0 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
23:19:09.0761 0x14a0 EventSystem - ok
23:19:09.0781 0x14a0 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
23:19:09.0851 0x14a0 exfat - ok
23:19:09.0881 0x14a0 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:19:09.0921 0x14a0 fastfat - ok
23:19:10.0011 0x14a0 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
23:19:10.0091 0x14a0 Fax - ok
23:19:10.0121 0x14a0 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
23:19:10.0151 0x14a0 fdc - ok
23:19:10.0201 0x14a0 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
23:19:10.0251 0x14a0 fdPHost - ok
23:19:10.0291 0x14a0 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
23:19:10.0321 0x14a0 FDResPub - ok
23:19:10.0351 0x14a0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:19:10.0371 0x14a0 FileInfo - ok
23:19:10.0391 0x14a0 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:19:10.0441 0x14a0 Filetrace - ok
23:19:10.0541 0x14a0 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:19:10.0581 0x14a0 FLEXnet Licensing Service - ok
23:19:10.0631 0x14a0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:19:10.0661 0x14a0 flpydisk - ok
23:19:10.0721 0x14a0 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:19:10.0741 0x14a0 FltMgr - ok
23:19:10.0821 0x14a0 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
23:19:10.0941 0x14a0 FontCache - ok
23:19:10.0991 0x14a0 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:19:11.0001 0x14a0 FontCache3.0.0.0 - ok
23:19:11.0021 0x14a0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:19:11.0031 0x14a0 FsDepends - ok
23:19:11.0061 0x14a0 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:19:11.0071 0x14a0 Fs_Rec - ok
23:19:11.0151 0x14a0 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:19:11.0171 0x14a0 fvevol - ok
23:19:11.0241 0x14a0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:19:11.0251 0x14a0 gagp30kx - ok
23:19:11.0311 0x14a0 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
23:19:11.0401 0x14a0 gpsvc - ok
23:19:11.0501 0x14a0 [ C9B2D1D3F86FD3673EF847DEF73B6F9E, 9D3822A6464F685F770F8D02A8AE623A676888F135E8425C3BAF1CC077429A7F ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
23:19:11.0511 0x14a0 GREGService - ok
23:19:11.0711 0x14a0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:19:11.0721 0x14a0 gupdate - ok
23:19:11.0761 0x14a0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:19:11.0771 0x14a0 gupdatem - ok
23:19:11.0821 0x14a0 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:19:11.0831 0x14a0 gusvc - ok
23:19:11.0861 0x14a0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:19:11.0921 0x14a0 hcw85cir - ok
23:19:11.0991 0x14a0 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:19:12.0051 0x14a0 HdAudAddService - ok
23:19:12.0111 0x14a0 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:19:12.0131 0x14a0 HDAudBus - ok
23:19:12.0221 0x14a0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:19:12.0251 0x14a0 HidBatt - ok
23:19:12.0251 0x14a0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:19:12.0331 0x14a0 HidBth - ok
23:19:12.0341 0x14a0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
23:19:12.0361 0x14a0 HidIr - ok
23:19:12.0401 0x14a0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
23:19:12.0471 0x14a0 hidserv - ok
23:19:12.0551 0x14a0 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
23:19:12.0571 0x14a0 HidUsb - ok
23:19:12.0601 0x14a0 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:19:12.0671 0x14a0 hkmsvc - ok
23:19:12.0701 0x14a0 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:19:12.0761 0x14a0 HomeGroupListener - ok
23:19:12.0791 0x14a0 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:19:12.0861 0x14a0 HomeGroupProvider - ok
23:19:12.0921 0x14a0 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:19:12.0931 0x14a0 HpSAMD - ok
23:19:13.0221 0x14a0 HPSLPSVC - ok
23:19:13.0311 0x14a0 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:19:13.0421 0x14a0 HTTP - ok
23:19:13.0461 0x14a0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:19:13.0481 0x14a0 hwpolicy - ok
23:19:13.0551 0x14a0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:19:13.0571 0x14a0 i8042prt - ok
23:19:13.0611 0x14a0 [ 26CF4275034214ECEDD8EC17B0A18A99, 95A08C63971C28F1BC97040C0ADA247E3B43DE7D937B14E33A394B955D0AC8B7 ] iaStor C:\Windows\system32\drivers\iaStor.sys
23:19:13.0641 0x14a0 iaStor - ok
23:19:13.0721 0x14a0 [ E79A8E33BD136D14BAE1FA20EB2EF124, 54AD784570282FEF21021BE76C57EE878EC6FF6423CE2FFC3A4372AF6C3112D4 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:19:13.0731 0x14a0 IAStorDataMgrSvc - ok
23:19:13.0811 0x14a0 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:19:13.0831 0x14a0 iaStorV - ok
23:19:13.0911 0x14a0 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:19:13.0961 0x14a0 idsvc - ok
23:19:13.0971 0x14a0 IEEtwCollectorService - ok
23:19:14.0441 0x14a0 [ 9937600A1584FF00565D5379EB4C9EDB, CF03333E9E7BD940B27194A9CF21ED8A6A10B698B545A898291976F650FC2675 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:19:14.0961 0x14a0 igfx - ok
23:19:15.0041 0x14a0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:19:15.0051 0x14a0 iirsp - ok
23:19:15.0131 0x14a0 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
23:19:15.0181 0x14a0 IKEEXT - ok
23:19:15.0361 0x14a0 [ CB7DADEF3D83FE2C12655A0BDCBA99F2, AD55A578986F008ED01635D3BB26414D71F418640099BFA92D9CABAB6A88E01D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:19:15.0481 0x14a0 IntcAzAudAddService - ok
23:19:15.0571 0x14a0 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
23:19:15.0601 0x14a0 IntcDAud - ok
23:19:15.0641 0x14a0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
23:19:15.0651 0x14a0 intelide - ok
23:19:15.0711 0x14a0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:19:15.0751 0x14a0 intelppm - ok
23:19:15.0791 0x14a0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:19:15.0841 0x14a0 IPBusEnum - ok
23:19:15.0871 0x14a0 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:19:15.0901 0x14a0 IpFilterDriver - ok
23:19:15.0961 0x14a0 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:19:16.0031 0x14a0 iphlpsvc - ok
23:19:16.0051 0x14a0 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:19:16.0071 0x14a0 IPMIDRV - ok
23:19:16.0081 0x14a0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:19:16.0121 0x14a0 IPNAT - ok
23:19:16.0171 0x14a0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:19:16.0211 0x14a0 IRENUM - ok
23:19:16.0211 0x14a0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:19:16.0221 0x14a0 isapnp - ok
23:19:16.0271 0x14a0 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:19:16.0281 0x14a0 iScsiPrt - ok
23:19:16.0371 0x14a0 [ 455B75C19BF3F1F2EE3AC10E1169826C, C8CE6DE48E0B4621F2851A994261FA787556A27F9868A8859E5E8A8354028257 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
23:19:16.0391 0x14a0 k57nd60a - ok
23:19:16.0451 0x14a0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
23:19:16.0461 0x14a0 kbdclass - ok
23:19:16.0501 0x14a0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
23:19:16.0531 0x14a0 kbdhid - ok
23:19:16.0551 0x14a0 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso C:\Windows\system32\lsass.exe
23:19:16.0561 0x14a0 KeyIso - ok
23:19:16.0591 0x14a0 [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:19:16.0611 0x14a0 KSecDD - ok
23:19:16.0641 0x14a0 [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:19:16.0661 0x14a0 KSecPkg - ok
23:19:16.0681 0x14a0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:19:16.0711 0x14a0 ksthunk - ok
23:19:16.0741 0x14a0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
23:19:16.0791 0x14a0 KtmRm - ok
23:19:16.0871 0x14a0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:19:16.0931 0x14a0 LanmanServer - ok
23:19:17.0031 0x14a0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:19:17.0091 0x14a0 LanmanWorkstation - ok
23:19:17.0191 0x14a0 [ 93B73DED2BC688F140C6AE2FBAD45789, B6859BC5D309B99BCCDC3717108B714497AAE9C5B26CE5B201344A41FC4CFF9D ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
23:19:17.0201 0x14a0 Live Updater Service - ok
23:19:17.0261 0x14a0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:19:17.0321 0x14a0 lltdio - ok
23:19:17.0351 0x14a0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:19:17.0411 0x14a0 lltdsvc - ok
23:19:17.0441 0x14a0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:19:17.0491 0x14a0 lmhosts - ok
23:19:17.0591 0x14a0 [ 50C7CE53EF461870410355F1F2E7D515, D6E84C63D74E4603D37FD7CC88BF51DE23CD17DB1D1AD4ADBED62F949F3C470C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:19:17.0611 0x14a0 LMS - ok
23:19:17.0681 0x14a0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:19:17.0701 0x14a0 LSI_FC - ok
23:19:17.0701 0x14a0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:19:17.0721 0x14a0 LSI_SAS - ok
23:19:17.0721 0x14a0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:19:17.0741 0x14a0 LSI_SAS2 - ok
23:19:17.0751 0x14a0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:19:17.0761 0x14a0 LSI_SCSI - ok
23:19:17.0821 0x14a0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
23:19:17.0871 0x14a0 luafv - ok
23:19:17.0901 0x14a0 McAfee SiteAdvisor Service - ok
23:19:17.0941 0x14a0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:19:17.0951 0x14a0 Mcx2Svc - ok
23:19:17.0961 0x14a0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
23:19:17.0971 0x14a0 megasas - ok
23:19:18.0081 0x14a0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:19:18.0111 0x14a0 MegaSR - ok
23:19:18.0171 0x14a0 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:19:18.0181 0x14a0 MEIx64 - ok
23:19:18.0241 0x14a0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
23:19:18.0311 0x14a0 MMCSS - ok
23:19:18.0311 0x14a0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
23:19:18.0371 0x14a0 Modem - ok
23:19:18.0391 0x14a0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:19:18.0401 0x14a0 monitor - ok
23:19:18.0421 0x14a0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:19:18.0431 0x14a0 mouclass - ok
23:19:18.0441 0x14a0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\drivers\mouhid.sys
23:19:18.0491 0x14a0 mouhid - ok
23:19:18.0541 0x14a0 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:19:18.0551 0x14a0 mountmgr - ok
23:19:18.0651 0x14a0 [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:19:18.0671 0x14a0 MozillaMaintenance - ok
23:19:18.0711 0x14a0 [ FBA4CDA6B3B00D7A116DCC2B5C7E9790, FE909159323290555971F031E7911DCCD035B873E630A230A660C13D57719206 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
23:19:18.0731 0x14a0 MpFilter - ok
23:19:18.0741 0x14a0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
23:19:18.0751 0x14a0 mpio - ok
23:19:18.0831 0x14a0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:19:18.0881 0x14a0 mpsdrv - ok
23:19:18.0941 0x14a0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:19:19.0021 0x14a0 MpsSvc - ok
23:19:19.0071 0x14a0 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:19:19.0131 0x14a0 MRxDAV - ok
23:19:19.0151 0x14a0 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:19:19.0181 0x14a0 mrxsmb - ok
23:19:19.0201 0x14a0 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:19:19.0251 0x14a0 mrxsmb10 - ok
23:19:19.0271 0x14a0 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:19:19.0311 0x14a0 mrxsmb20 - ok
23:19:19.0351 0x14a0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
23:19:19.0361 0x14a0 msahci - ok
23:19:19.0391 0x14a0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:19:19.0401 0x14a0 msdsm - ok
23:19:19.0431 0x14a0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
23:19:19.0471 0x14a0 MSDTC - ok
23:19:19.0501 0x14a0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:19:19.0561 0x14a0 Msfs - ok
23:19:19.0581 0x14a0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:19:19.0621 0x14a0 mshidkmdf - ok
23:19:19.0631 0x14a0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:19:19.0651 0x14a0 msisadrv - ok
23:19:19.0721 0x14a0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:19:19.0771 0x14a0 MSiSCSI - ok
23:19:19.0781 0x14a0 msiserver - ok
23:19:19.0841 0x14a0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:19:19.0881 0x14a0 MSKSSRV - ok
23:19:19.0991 0x14a0 [ F46BA4E7F4A34295B20917CD77F6CEC9, 1A91AC1AC1FBFC6922D0430D752240A91C9001373B1F84F960FDE0AC062A411A ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:19:20.0001 0x14a0 MsMpSvc - ok
23:19:20.0041 0x14a0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:19:20.0071 0x14a0 MSPCLOCK - ok
23:19:20.0081 0x14a0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:19:20.0131 0x14a0 MSPQM - ok
23:19:20.0161 0x14a0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:19:20.0181 0x14a0 MsRPC - ok
23:19:20.0201 0x14a0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:19:20.0211 0x14a0 mssmbios - ok
23:19:20.0221 0x14a0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:19:20.0281 0x14a0 MSTEE - ok
23:19:20.0281 0x14a0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:19:20.0301 0x14a0 MTConfig - ok
23:19:20.0331 0x14a0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
23:19:20.0351 0x14a0 Mup - ok
23:19:20.0431 0x14a0 [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
23:19:20.0441 0x14a0 mwlPSDFilter - ok
23:19:20.0451 0x14a0 [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
23:19:20.0461 0x14a0 mwlPSDNServ - ok
23:19:20.0471 0x14a0 [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
23:19:20.0481 0x14a0 mwlPSDVDisk - ok
23:19:20.0521 0x14a0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
23:19:20.0591 0x14a0 napagent - ok
23:19:20.0681 0x14a0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:19:20.0741 0x14a0 NativeWifiP - ok
23:19:20.0841 0x14a0 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
23:19:20.0911 0x14a0 NDIS - ok
23:19:20.0971 0x14a0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:19:21.0001 0x14a0 NdisCap - ok
23:19:21.0071 0x14a0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:19:21.0121 0x14a0 NdisTapi - ok
23:19:21.0181 0x14a0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:19:21.0211 0x14a0 Ndisuio - ok
23:19:21.0241 0x14a0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:19:21.0291 0x14a0 NdisWan - ok
23:19:21.0321 0x14a0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:19:21.0351 0x14a0 NDProxy - ok
23:19:21.0411 0x14a0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:19:21.0461 0x14a0 NetBIOS - ok
23:19:21.0491 0x14a0 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:19:21.0531 0x14a0 NetBT - ok
23:19:21.0551 0x14a0 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon C:\Windows\system32\lsass.exe
23:19:21.0571 0x14a0 Netlogon - ok
23:19:21.0611 0x14a0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
23:19:21.0661 0x14a0 Netman - ok
23:19:21.0801 0x14a0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:21.0841 0x14a0 NetMsmqActivator - ok
23:19:21.0851 0x14a0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:21.0861 0x14a0 NetPipeActivator - ok
23:19:21.0881 0x14a0 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
23:19:21.0941 0x14a0 netprofm - ok
23:19:21.0951 0x14a0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:21.0961 0x14a0 NetTcpActivator - ok
23:19:21.0971 0x14a0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:19:21.0991 0x14a0 NetTcpPortSharing - ok
23:19:22.0081 0x14a0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:19:22.0091 0x14a0 nfrd960 - ok
23:19:22.0161 0x14a0 [ E10B84385C3FEEF4BDE8E6A980535522, 56D9E47B76CDABE45E64C9E74DCBCC2F7C07A44519ED938BD730018C48445614 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:19:22.0171 0x14a0 NisDrv - ok
23:19:22.0271 0x14a0 [ 9BF50324444C46997C2492D505B47F2D, 42C74456C64F7D688E0911255746BD2A52A3590AED22B24F7E385760D720B8E9 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
23:19:22.0291 0x14a0 NisSrv - ok
23:19:22.0381 0x14a0 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
23:19:22.0441 0x14a0 NlaSvc - ok
23:19:22.0581 0x14a0 [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
23:19:22.0661 0x14a0 NOBU - ok
23:19:22.0681 0x14a0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:19:22.0741 0x14a0 Npfs - ok
23:19:22.0771 0x14a0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
23:19:22.0831 0x14a0 nsi - ok
23:19:22.0851 0x14a0 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:19:22.0911 0x14a0 nsiproxy - ok
23:19:23.0001 0x14a0 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:19:23.0091 0x14a0 Ntfs - ok
23:19:23.0201 0x14a0 [ 1873214666F6F0A883742DF91FBC48C9, DCF5382CE338D4B5B0C3A3B722A19B6C7BAB59EB7B266FEF04698B79070E2C4B ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
23:19:23.0211 0x14a0 NTI IScheduleSvc - ok
23:19:23.0251 0x14a0 [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
23:19:23.0261 0x14a0 NTIDrvr - ok
23:19:23.0271 0x14a0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
23:19:23.0331 0x14a0 Null - ok
23:19:23.0841 0x14a0 [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:19:24.0331 0x14a0 nvlddmkm - ok
23:19:24.0391 0x14a0 [ F76296368BB813E0C6996501A3271C7C, FA1C127F881C09C5066CB83A686AFD7A40D731922185EA4001A52ABA230FD812 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
23:19:24.0401 0x14a0 nvpciflt - ok
23:19:24.0421 0x14a0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:19:24.0431 0x14a0 nvraid - ok
23:19:24.0441 0x14a0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:19:24.0451 0x14a0 nvstor - ok
23:19:24.0551 0x14a0 [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc C:\Windows\system32\nvvsvc.exe
23:19:24.0591 0x14a0 nvsvc - ok
23:19:24.0751 0x14a0 [ C63E582366EAD77978BFFD959A66DBB8, BBAC11300AFED29291A08EEC8A740DA67C8C003AF89D06F9E0671CCF0E7908A0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:19:24.0801 0x14a0 nvUpdatusService - ok
23:19:24.0811 0x14a0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:19:24.0831 0x14a0 nv_agp - ok
23:19:24.0841 0x14a0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:19:24.0871 0x14a0 ohci1394 - ok
23:19:25.0011 0x14a0 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:19:25.0021 0x14a0 ose - ok
23:19:25.0311 0x14a0 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:19:25.0521 0x14a0 osppsvc - ok
23:19:25.0571 0x14a0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:19:25.0591 0x14a0 p2pimsvc - ok
23:19:25.0641 0x14a0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
23:19:25.0681 0x14a0 p2psvc - ok
23:19:25.0721 0x14a0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
23:19:25.0761 0x14a0 Parport - ok
23:19:25.0791 0x14a0 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:19:25.0811 0x14a0 partmgr - ok
23:19:25.0891 0x14a0 [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:19:25.0911 0x14a0 PcaSvc - ok
23:19:25.0941 0x14a0 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
23:19:25.0961 0x14a0 pci - ok
23:19:26.0001 0x14a0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
23:19:26.0011 0x14a0 pciide - ok
23:19:26.0031 0x14a0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:19:26.0051 0x14a0 pcmcia - ok
23:19:26.0071 0x14a0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
23:19:26.0081 0x14a0 pcw - ok
23:19:26.0241 0x14a0 [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
23:19:26.0281 0x14a0 PDF Architect Helper Service - ok
23:19:26.0391 0x14a0 [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
23:19:26.0411 0x14a0 PDF Architect Service - ok
23:19:26.0481 0x14a0 [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:19:26.0541 0x14a0 PEAUTH - ok
23:19:26.0631 0x14a0 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:19:26.0661 0x14a0 PerfHost - ok
23:19:26.0761 0x14a0 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
23:19:26.0851 0x14a0 pla - ok
23:19:26.0931 0x14a0 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:19:27.0001 0x14a0 PlugPlay - ok
23:19:27.0011 0x14a0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:19:27.0051 0x14a0 PNRPAutoReg - ok
23:19:27.0081 0x14a0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:19:27.0101 0x14a0 PNRPsvc - ok
23:19:27.0141 0x14a0 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:19:27.0211 0x14a0 PolicyAgent - ok
23:19:27.0221 0x14a0 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
23:19:27.0271 0x14a0 Power - ok
23:19:27.0341 0x14a0 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:19:27.0391 0x14a0 PptpMiniport - ok
23:19:27.0431 0x14a0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
23:19:27.0461 0x14a0 Processor - ok
23:19:27.0531 0x14a0 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
23:19:27.0591 0x14a0 ProfSvc - ok
23:19:27.0621 0x14a0 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:19:27.0631 0x14a0 ProtectedStorage - ok
23:19:27.0681 0x14a0 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:19:27.0741 0x14a0 Psched - ok
23:19:27.0821 0x14a0 [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
23:19:27.0831 0x14a0 PSI - ok
23:19:27.0911 0x14a0 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:19:27.0991 0x14a0 ql2300 - ok
23:19:28.0001 0x14a0 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:19:28.0011 0x14a0 ql40xx - ok
23:19:28.0051 0x14a0 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
23:19:28.0081 0x14a0 QWAVE - ok
23:19:28.0091 0x14a0 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:19:28.0111 0x14a0 QWAVEdrv - ok
23:19:28.0121 0x14a0 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:19:28.0181 0x14a0 RasAcd - ok
23:19:28.0251 0x14a0 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:19:28.0301 0x14a0 RasAgileVpn - ok
23:19:28.0311 0x14a0 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
23:19:28.0361 0x14a0 RasAuto - ok
23:19:28.0391 0x14a0 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:19:28.0451 0x14a0 Rasl2tp - ok
23:19:28.0491 0x14a0 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
23:19:28.0541 0x14a0 RasMan - ok
23:19:28.0571 0x14a0 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:19:28.0611 0x14a0 RasPppoe - ok
23:19:28.0681 0x14a0 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:19:28.0751 0x14a0 RasSstp - ok
23:19:28.0791 0x14a0 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:19:28.0861 0x14a0 rdbss - ok
23:19:28.0881 0x14a0 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
23:19:28.0901 0x14a0 rdpbus - ok
23:19:28.0921 0x14a0 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:19:28.0991 0x14a0 RDPCDD - ok
23:19:29.0041 0x14a0 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:19:29.0081 0x14a0 RDPENCDD - ok
23:19:29.0101 0x14a0 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:19:29.0141 0x14a0 RDPREFMP - ok
23:19:29.0271 0x14a0 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:19:29.0301 0x14a0 RdpVideoMiniport - ok
23:19:29.0341 0x14a0 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:19:29.0381 0x14a0 RDPWD - ok
23:19:29.0431 0x14a0 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:19:29.0451 0x14a0 rdyboost - ok
23:19:29.0481 0x14a0 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:19:29.0511 0x14a0 RemoteAccess - ok
23:19:29.0541 0x14a0 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:19:29.0591 0x14a0 RemoteRegistry - ok
23:19:29.0651 0x14a0 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:19:29.0711 0x14a0 RpcEptMapper - ok
23:19:29.0731 0x14a0 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
23:19:29.0751 0x14a0 RpcLocator - ok
23:19:29.0781 0x14a0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
23:19:29.0831 0x14a0 RpcSs - ok
23:19:29.0901 0x14a0 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:19:29.0931 0x14a0 rspndr - ok
23:19:29.0951 0x14a0 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs C:\Windows\system32\lsass.exe
23:19:29.0961 0x14a0 SamSs - ok
23:19:29.0981 0x14a0 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:19:30.0001 0x14a0 sbp2port - ok
23:19:30.0021 0x14a0 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:19:30.0061 0x14a0 SCardSvr - ok
23:19:30.0081 0x14a0 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:19:30.0141 0x14a0 scfilter - ok
23:19:30.0201 0x14a0 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
23:19:30.0301 0x14a0 Schedule - ok
23:19:30.0341 0x14a0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:19:30.0381 0x14a0 SCPolicySvc - ok
23:19:30.0401 0x14a0 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
23:19:30.0441 0x14a0 sdbus - ok
23:19:30.0471 0x14a0 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:19:30.0541 0x14a0 SDRSVC - ok
23:19:30.0601 0x14a0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:19:30.0641 0x14a0 secdrv - ok
23:19:30.0681 0x14a0 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
23:19:30.0731 0x14a0 seclogon - ok
23:19:30.0871 0x14a0 [ DA6C0E0B15CD0B135FD385AEABAE3A4C, 1DBED093D4BD1E800828D8E0EB19EDA7FD1E963AABD4F71D61F1AD04F669290F ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
23:19:30.0921 0x14a0 Secunia PSI Agent - ok
23:19:31.0001 0x14a0 [ 71761EDC432A0E39CF621105884E738E, 935133326B794F6DEAA97B9B6B6295AC6A884C3B73ABCD5662A79CEAD8EEA5EE ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
23:19:31.0031 0x14a0 Secunia Update Agent - ok
23:19:31.0051 0x14a0 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
23:19:31.0081 0x14a0 SENS - ok
23:19:31.0141 0x14a0 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:19:31.0181 0x14a0 SensrSvc - ok
23:19:31.0251 0x14a0 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:19:31.0271 0x14a0 Serenum - ok
23:19:31.0341 0x14a0 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
23:19:31.0371 0x14a0 Serial - ok
23:19:31.0381 0x14a0 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:19:31.0391 0x14a0 sermouse - ok
23:19:31.0441 0x14a0 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
23:19:31.0481 0x14a0 SessionEnv - ok
23:19:31.0481 0x14a0 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:19:31.0501 0x14a0 sffdisk - ok
23:19:31.0501 0x14a0 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:19:31.0521 0x14a0 sffp_mmc - ok
23:19:31.0521 0x14a0 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:19:31.0541 0x14a0 sffp_sd - ok
23:19:31.0541 0x14a0 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:19:31.0581 0x14a0 sfloppy - ok
23:19:31.0671 0x14a0 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
23:19:31.0721 0x14a0 Sftfs - ok
23:19:31.0831 0x14a0 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:19:31.0861 0x14a0 sftlist - ok
23:19:31.0931 0x14a0 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:19:31.0951 0x14a0 Sftplay - ok
23:19:32.0061 0x14a0 [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:19:32.0071 0x14a0 Sftredir - ok
23:19:32.0071 0x14a0 [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
23:19:32.0081 0x14a0 Sftvol - ok
23:19:32.0141 0x14a0 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:19:32.0161 0x14a0 sftvsa - ok
23:19:32.0241 0x14a0 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:19:32.0281 0x14a0 SharedAccess - ok
23:19:32.0341 0x14a0 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:19:32.0411 0x14a0 ShellHWDetection - ok
23:19:32.0471 0x14a0 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:19:32.0481 0x14a0 SiSRaid2 - ok
23:19:32.0491 0x14a0 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:19:32.0501 0x14a0 SiSRaid4 - ok
23:19:32.0531 0x14a0 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:19:32.0571 0x14a0 Smb - ok
23:19:32.0621 0x14a0 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:19:32.0651 0x14a0 SNMPTRAP - ok
23:19:32.0681 0x14a0 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
23:19:32.0691 0x14a0 spldr - ok
23:19:32.0751 0x14a0 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
23:19:32.0821 0x14a0 Spooler - ok
23:19:32.0951 0x14a0 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
23:19:33.0121 0x14a0 sppsvc - ok
23:19:33.0141 0x14a0 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:19:33.0201 0x14a0 sppuinotify - ok
23:19:33.0241 0x14a0 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:19:33.0331 0x14a0 srv - ok
23:19:33.0361 0x14a0 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:19:33.0411 0x14a0 srv2 - ok
23:19:33.0431 0x14a0 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:19:33.0471 0x14a0 srvnet - ok
23:19:33.0511 0x14a0 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:19:33.0561 0x14a0 SSDPSRV - ok
23:19:33.0571 0x14a0 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:19:33.0621 0x14a0 SstpSvc - ok
23:19:33.0631 0x14a0 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:19:33.0651 0x14a0 stexstor - ok
23:19:33.0721 0x14a0 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\drivers\serscan.sys
23:19:33.0771 0x14a0 StillCam - ok
23:19:33.0881 0x14a0 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
23:19:33.0941 0x14a0 stisvc - ok
23:19:33.0961 0x14a0 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
23:19:33.0971 0x14a0 swenum - ok
23:19:34.0001 0x14a0 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
23:19:34.0091 0x14a0 swprv - ok
23:19:34.0211 0x14a0 [ EF51B22706DB03F0857FADE127C804EC, F3A97B8D94E96ACF93448CDF33DED97B076C3D8FFE42E9EAD088EE662306277B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:19:34.0291 0x14a0 SynTP - ok
23:19:34.0371 0x14a0 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
23:19:34.0491 0x14a0 SysMain - ok
23:19:34.0521 0x14a0 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:19:34.0541 0x14a0 TabletInputService - ok
23:19:34.0561 0x14a0 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
23:19:34.0631 0x14a0 TapiSrv - ok
23:19:34.0651 0x14a0 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
23:19:34.0711 0x14a0 TBS - ok
23:19:34.0851 0x14a0 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:19:34.0941 0x14a0 Tcpip - ok
23:19:35.0031 0x14a0 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:19:35.0091 0x14a0 TCPIP6 - ok
23:19:35.0151 0x14a0 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:19:35.0181 0x14a0 tcpipreg - ok
23:19:35.0221 0x14a0 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:19:35.0241 0x14a0 TDPIPE - ok
23:19:35.0271 0x14a0 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:19:35.0281 0x14a0 TDTCP - ok
23:19:35.0361 0x14a0 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:19:35.0411 0x14a0 tdx - ok
23:19:35.0431 0x14a0 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
23:19:35.0441 0x14a0 TermDD - ok
23:19:35.0521 0x14a0 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
23:19:35.0591 0x14a0 TermService - ok
23:19:35.0631 0x14a0 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
23:19:35.0661 0x14a0 Themes - ok
23:19:35.0691 0x14a0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
23:19:35.0731 0x14a0 THREADORDER - ok
23:19:35.0801 0x14a0 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
23:19:35.0861 0x14a0 TrkWks - ok
23:19:35.0951 0x14a0 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:19:36.0001 0x14a0 TrustedInstaller - ok
23:19:36.0071 0x14a0 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:19:36.0091 0x14a0 tssecsrv - ok
23:19:36.0151 0x14a0 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:19:36.0191 0x14a0 TsUsbFlt - ok
23:19:36.0251 0x14a0 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:19:36.0291 0x14a0 TsUsbGD - ok
23:19:36.0381 0x14a0 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:19:36.0441 0x14a0 tunnel - ok
23:19:36.0461 0x14a0 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:19:36.0481 0x14a0 uagp35 - ok
23:19:36.0481 0x14a0 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
23:19:36.0491 0x14a0 UBHelper - ok
23:19:36.0521 0x14a0 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:19:36.0561 0x14a0 udfs - ok
23:19:36.0581 0x14a0 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:19:36.0591 0x14a0 UI0Detect - ok
23:19:36.0601 0x14a0 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:19:36.0611 0x14a0 uliagpkx - ok
23:19:36.0661 0x14a0 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:19:36.0701 0x14a0 umbus - ok
23:19:36.0701 0x14a0 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
23:19:36.0721 0x14a0 UmPass - ok
23:19:36.0871 0x14a0 [ 374EBDA379A8F38E0CFC2211611E7167, 0D6C3002B28E27C052227488CEE69FA99399421FF777EB48031E6080A759F532 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:19:36.0971 0x14a0 UNS - ok
23:19:37.0001 0x14a0 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
23:19:37.0071 0x14a0 upnphost - ok
23:19:37.0111 0x14a0 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:19:37.0131 0x14a0 usbccgp - ok
23:19:37.0181 0x14a0 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:19:37.0201 0x14a0 usbcir - ok
23:19:37.0211 0x14a0 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:19:37.0241 0x14a0 usbehci - ok
23:19:37.0311 0x14a0 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:19:37.0331 0x14a0 usbhub - ok
23:19:37.0351 0x14a0 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:19:37.0381 0x14a0 usbohci - ok
23:19:37.0441 0x14a0 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:19:37.0451 0x14a0 usbprint - ok
23:19:37.0471 0x14a0 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:37.0501 0x14a0 USBSTOR - ok
23:19:37.0521 0x14a0 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:19:37.0531 0x14a0 usbuhci - ok
23:19:37.0611 0x14a0 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:19:37.0631 0x14a0 usbvideo - ok
23:19:37.0661 0x14a0 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
23:19:37.0711 0x14a0 UxSms - ok
23:19:37.0731 0x14a0 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc C:\Windows\system32\lsass.exe
23:19:37.0741 0x14a0 VaultSvc - ok
23:19:37.0811 0x14a0 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:19:37.0831 0x14a0 vdrvroot - ok
23:19:37.0861 0x14a0 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
23:19:37.0951 0x14a0 vds - ok
23:19:38.0011 0x14a0 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:38.0031 0x14a0 vga - ok
23:19:38.0061 0x14a0 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:19:38.0121 0x14a0 VgaSave - ok
23:19:38.0131 0x14a0 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:19:38.0151 0x14a0 vhdmp - ok
23:19:38.0181 0x14a0 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
23:19:38.0191 0x14a0 viaide - ok
23:19:38.0211 0x14a0 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:19:38.0231 0x14a0 volmgr - ok
23:19:38.0261 0x14a0 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:19:38.0291 0x14a0 volmgrx - ok
23:19:38.0311 0x14a0 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:19:38.0331 0x14a0 volsnap - ok
23:19:38.0391 0x14a0 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:19:38.0411 0x14a0 vsmraid - ok
23:19:38.0501 0x14a0 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
23:19:38.0631 0x14a0 VSS - ok
23:19:38.0651 0x14a0 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:19:38.0671 0x14a0 vwifibus - ok
23:19:38.0691 0x14a0 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:19:38.0721 0x14a0 vwififlt - ok
23:19:38.0761 0x14a0 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
23:19:38.0841 0x14a0 W32Time - ok
23:19:38.0891 0x14a0 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:19:38.0921 0x14a0 WacomPen - ok
23:19:38.0971 0x14a0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:19:39.0021 0x14a0 WANARP - ok
23:19:39.0051 0x14a0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:19:39.0091 0x14a0 Wanarpv6 - ok
23:19:39.0201 0x14a0 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
23:19:39.0321 0x14a0 wbengine - ok
23:19:39.0351 0x14a0 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:19:39.0371 0x14a0 WbioSrvc - ok
23:19:39.0411 0x14a0 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:19:39.0441 0x14a0 wcncsvc - ok
23:19:39.0461 0x14a0 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:19:39.0481 0x14a0 WcsPlugInService - ok
23:19:39.0501 0x14a0 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
23:19:39.0511 0x14a0 Wd - ok
23:19:39.0581 0x14a0 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:19:39.0631 0x14a0 Wdf01000 - ok
23:19:39.0711 0x14a0 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:19:39.0761 0x14a0 WdiServiceHost - ok
23:19:39.0771 0x14a0 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:19:39.0781 0x14a0 WdiSystemHost - ok
23:19:39.0841 0x14a0 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
23:19:39.0901 0x14a0 WebClient - ok
23:19:39.0931 0x14a0 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:19:40.0001 0x14a0 Wecsvc - ok
23:19:40.0021 0x14a0 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:19:40.0081 0x14a0 wercplsupport - ok
23:19:40.0131 0x14a0 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
23:19:40.0181 0x14a0 WerSvc - ok
23:19:40.0261 0x14a0 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:19:40.0291 0x14a0 WfpLwf - ok
23:19:40.0311 0x14a0 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:19:40.0321 0x14a0 WIMMount - ok
23:19:40.0341 0x14a0 WinDefend - ok
23:19:40.0381 0x14a0 WinHttpAutoProxySvc - ok
23:19:40.0451 0x14a0 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:19:40.0531 0x14a0 Winmgmt - ok
23:19:40.0631 0x14a0 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
23:19:40.0741 0x14a0 WinRM - ok
23:19:40.0831 0x14a0 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:19:40.0911 0x14a0 Wlansvc - ok
23:19:41.0011 0x14a0 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:19:41.0021 0x14a0 wlcrasvc - ok
23:19:41.0141 0x14a0 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:19:41.0261 0x14a0 wlidsvc - ok
23:19:41.0341 0x14a0 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:19:41.0351 0x14a0 WmiAcpi - ok
23:19:41.0381 0x14a0 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:19:41.0421 0x14a0 wmiApSrv - ok
23:19:41.0491 0x14a0 WMPNetworkSvc - ok
23:19:41.0521 0x14a0 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:19:41.0541 0x14a0 WPCSvc - ok
23:19:41.0551 0x14a0 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:19:41.0571 0x14a0 WPDBusEnum - ok
23:19:41.0581 0x14a0 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:19:41.0641 0x14a0 ws2ifsl - ok
23:19:41.0671 0x14a0 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
23:19:41.0711 0x14a0 wscsvc - ok
23:19:41.0721 0x14a0 WSearch - ok
23:19:41.0831 0x14a0 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
23:19:41.0951 0x14a0 wuauserv - ok
23:19:42.0001 0x14a0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:19:42.0021 0x14a0 WudfPf - ok
23:19:42.0101 0x14a0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:42.0141 0x14a0 WUDFRd - ok
23:19:42.0181 0x14a0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:19:42.0201 0x14a0 wudfsvc - ok
23:19:42.0261 0x14a0 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
23:19:42.0291 0x14a0 WwanSvc - ok
23:19:42.0321 0x14a0 ================ Scan global ===============================
23:19:42.0371 0x14a0 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:19:42.0431 0x14a0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:19:42.0451 0x14a0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:19:42.0541 0x14a0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:19:42.0581 0x14a0 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:19:42.0601 0x14a0 [ Global ] - ok
23:19:42.0601 0x14a0 ================ Scan MBR ==================================
23:19:42.0671 0x14a0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:19:43.0061 0x14a0 \Device\Harddisk0\DR0 - ok
23:19:43.0061 0x14a0 ================ Scan VBR ==================================
23:19:43.0061 0x14a0 [ EF40068D07DC651A18753107D0A43527 ] \Device\Harddisk0\DR0\Partition1
23:19:43.0121 0x14a0 \Device\Harddisk0\DR0\Partition1 - ok
23:19:43.0121 0x14a0 [ 3D85220D32F89770771D54322D4730C6 ] \Device\Harddisk0\DR0\Partition2
23:19:43.0161 0x14a0 \Device\Harddisk0\DR0\Partition2 - ok
23:19:43.0161 0x14a0 ================ Scan generic autorun ======================
23:19:43.0211 0x14a0 [ BA9E8BF3E91C14DE99FDB1FA946D07AF, 9C3F5F52EE5B8D02B15EE18AA492FB110547A8DCDA3F8284A614F4E1A30F9BB1 ] C:\Windows\system32\igfxtray.exe
23:19:43.0231 0x14a0 IgfxTray - ok
23:19:43.0251 0x14a0 [ B20857C91A3E992A5AC93D8625C53CAE, ECB89856B267E2F4930CB7B404B51425C6375A47F864577C1A7B8B255278EC12 ] C:\Windows\system32\hkcmd.exe
23:19:43.0271 0x14a0 HotKeysCmds - ok
23:19:43.0291 0x14a0 [ 29E120E36791B2E620CC398847C28E12, 7C2904FEDD50F49447FD091D33BB3BFA5A2A684101ADB123BC2C08699320B912 ] C:\Windows\system32\igfxpers.exe
23:19:43.0311 0x14a0 Persistence - ok
23:19:43.0311 0x14a0 SynTPEnh - ok
23:19:43.0801 0x14a0 [ 5DADA908E14051D65DB1991CB0B1F58D, DC02EDA032CEC2241F302995BF010B0376D5421A3E97583CB8A13A80993290B4 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
23:19:44.0231 0x14a0 RtHDVCpl - ok
23:19:44.0331 0x14a0 [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
23:19:44.0401 0x14a0 RtHDVBg_Dolby - ok
23:19:44.0531 0x14a0 [ F0474296AC4E0E6BDE733C1B8513E41A, 2E54894FC1B422F0C520D11166204926D3994A3440037D655C73D66D7118859C ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
23:19:44.0591 0x14a0 Power Management - ok
23:19:44.0701 0x14a0 [ 87A4BA086E5B5DF0F36E3F6D7234D701, EE26338497E016A95CB5970777B7B7AC8FAEF4E491713D729EDEFBCDC9FBF4A4 ] c:\Program Files\Microsoft Security Client\msseces.exe
23:19:44.0781 0x14a0 MSC - ok
23:19:44.0861 0x14a0 [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
23:19:44.0921 0x14a0 Norton Online Backup - ok
23:19:44.0961 0x14a0 [ 0D360F06B168A6F37ACA9D9F958245DA, 0F37D510AE0A31503A359F65D5C04CD798B178A3A3E2601DFBAB6534B3C7C23C ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
23:19:44.0981 0x14a0 BackupManagerTray - ok
23:19:45.0061 0x14a0 [ 9ABC4E3B00CFA3A47D5569F5B49FE42F, 5D33CCE770BC9BC3AFA544A21F100A7F1E5A36577FDB30884160AC4BFE6A1838 ] C:\Program Files (x86)\Launch Manager\LManager.exe
23:19:45.0101 0x14a0 LManager - ok
23:19:45.0151 0x14a0 [ E6CC0FA3C1040C791EB3F4BA6C789411, 095D5965FEE00ACB6D8713B2E2772A409A84F42D85383AEAF5FC3E2E393DC07D ] C:\Dolby PCEE4\pcee4.exe
23:19:45.0171 0x14a0 Dolby Advanced Audio v2 - ok
23:19:45.0201 0x14a0 [ D35187E38B0BD6E116C2CE582CAC4273, B3C652E0875D4354ACE6F475BC84B4BCA41A1AD8AF5FBE9DE9A9B66B7FCC2756 ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
23:19:45.0221 0x14a0 SuiteTray - ok
23:19:45.0221 0x14a0 ZoneAlarm Installer - ok
23:19:45.0251 0x14a0 Download Protect - ok
23:19:45.0361 0x14a0 [ 39D5333A11EC3CB56F80D42312F2EE7C, B6CBF4BCCE9A506E1F669312DC3A92498B919E755B11783C434D72B8A886252F ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
23:19:45.0401 0x14a0 DivXMediaServer - detected UnsignedFile.Multi.Generic ( 1 )
23:19:55.0401 0x14a0 DivXMediaServer ( UnsignedFile.Multi.Generic ) - warning
23:19:55.0401 0x14a0 Force sending object to P2P due to detect: C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
23:19:59.0881 0x14a0 Object send P2P result: true
23:20:02.0421 0x14a0 [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
23:20:02.0471 0x14a0 DivXUpdate - ok
23:20:02.0551 0x14a0 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
23:20:02.0561 0x14a0 HP Software Update - ok
23:20:02.0641 0x14a0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:20:02.0731 0x14a0 Sidebar - ok
23:20:02.0751 0x14a0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:20:02.0771 0x14a0 mctadmin - ok
23:20:02.0771 0x14a0 IsMyWinLockerReboot - ok
23:20:02.0811 0x14a0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:20:02.0851 0x14a0 Sidebar - ok
23:20:02.0851 0x14a0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:20:02.0871 0x14a0 mctadmin - ok
23:20:02.0871 0x14a0 IsMyWinLockerReboot - ok
23:20:02.0911 0x14a0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:20:02.0951 0x14a0 Sidebar - ok
23:20:02.0961 0x14a0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:20:02.0981 0x14a0 mctadmin - ok
23:20:02.0991 0x14a0 IsMyWinLockerReboot - ok
23:20:03.0071 0x14a0 [ F911551E5B9B5029CF56A57E42A7AC90, 53F4C53C9B67505519215B6EA1F52DF47382A7196E662D470521B3706C7E1437 ] C:\Program Files (x86)\Lidl_Fotos\dd.exe
23:20:03.0101 0x14a0 Device Detection - ok
23:20:03.0271 0x14a0 [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
23:20:03.0361 0x14a0 HP Photosmart 5520 series (NET) - ok
23:20:03.0371 0x14a0 GoogleDriveSync - ok
23:20:04.0751 0x14a0 [ BC59AE9A62B28A31487BFD32373BCD5D, A57C1887558B0E652F69B60658E4A3F805E11FCC077DBE925985F3789D57A100 ] C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe
23:20:04.0941 0x14a0 Amazon Music - ok
23:20:04.0951 0x14a0 Waiting for KSN requests completion. In queue: 11
23:20:05.0951 0x14a0 Waiting for KSN requests completion. In queue: 11
23:20:06.0951 0x14a0 Waiting for KSN requests completion. In queue: 11
23:20:07.0951 0x14a0 Waiting for KSN requests completion. In queue: 11
23:20:08.0961 0x14a0 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
23:20:08.0981 0x14a0 Win FW state via NFP2: enabled
23:20:11.0331 0x14a0 ============================================================
23:20:11.0331 0x14a0 Scan finished
23:20:11.0331 0x14a0 ============================================================
23:20:11.0341 0x159c Detected object count: 3
23:20:11.0341 0x159c Actual detected object count: 3
23:22:30.0081 0x159c bujixodo ( UDS:DangerousObject.Multi.Generic ) - skipped by user
23:22:30.0081 0x159c bujixodo ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
23:22:30.0081 0x159c dibudyzy ( UnsignedFile.Multi.Generic ) - skipped by user
23:22:30.0081 0x159c dibudyzy ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:22:30.0081 0x159c DivXMediaServer ( UnsignedFile.Multi.Generic ) - skipped by user
23:22:30.0081 0x159c DivXMediaServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
Geändert von Fanou (03.03.2015 um 23:24 Uhr) Grund: Beitragsverdichtung |
|
04.03.2015, 08:56
| #4 | |
| /// the machine /// TB-Ausbilder | Windows 7, Adware eingefangen (Digisaver etc.)Zitat:
Starte TDSSkiller.exe mit Doppelklick. Vista und Win7 User mit Rechtsklick "als Administrator starten"
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt Poste den Inhalt bitte hier in deinen Thread.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.03.2015, 09:40
| #5 |
| | Windows 7, Adware eingefangen (Digisaver etc.) Guten Morgen schrauber, der Scan ist gerade gelaufen, die beiden Funde wurden wieder entdeckt, aber ich kann kein "CURE" auswählen. Die Auswahlmöglichkeiten sind: "DELETE" "SKIP" & "COPY TO QUARANTINE". Welches ist hier richtig? Vielen Dank. |
|
04.03.2015, 11:28
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7, Adware eingefangen (Digisaver etc.) Delete 
__________________ --> Windows 7, Adware eingefangen (Digisaver etc.) |
|
04.03.2015, 12:20
| #7 |
| | Windows 7, Adware eingefangen (Digisaver etc.) TDSS ist durch, System ist neu gebootet. Banner im FF sind immer noch da. Hier das logfile: Code:
ATTFilter 12:07:56.0272 0x0b68 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:07:58.0284 0x0b68 ============================================================
12:07:58.0284 0x0b68 Current date / time: 2015/03/04 12:07:58.0284
12:07:58.0284 0x0b68 SystemInfo:
12:07:58.0284 0x0b68
12:07:58.0284 0x0b68 OS Version: 6.1.7601 ServicePack: 1.0
12:07:58.0284 0x0b68 Product type: Workstation
12:07:58.0284 0x0b68 ComputerName: PC
12:07:58.0284 0x0b68 UserName: Sonja
12:07:58.0284 0x0b68 Windows directory: C:\Windows
12:07:58.0284 0x0b68 System windows directory: C:\Windows
12:07:58.0284 0x0b68 Running under WOW64
12:07:58.0284 0x0b68 Processor architecture: Intel x64
12:07:58.0284 0x0b68 Number of processors: 4
12:07:58.0284 0x0b68 Page size: 0x1000
12:07:58.0284 0x0b68 Boot type: Normal boot
12:07:58.0284 0x0b68 ============================================================
12:07:58.0284 0x0b68 BG loaded
12:08:11.0294 0x0b68 System UUID: {0DA0F262-08EE-2711-F97B-1C91E59548AD}
12:08:16.0536 0x0b68 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:08:16.0536 0x0b68 ============================================================
12:08:16.0536 0x0b68 \Device\Harddisk0\DR0:
12:08:16.0536 0x0b68 MBR partitions:
12:08:16.0552 0x0b68 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
12:08:16.0552 0x0b68 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x22FFB800
12:08:16.0552 0x0b68 ============================================================
12:08:17.0566 0x0b68 C: <-> \Device\Harddisk0\DR0\Partition2
12:08:17.0566 0x0b68 ============================================================
12:08:17.0566 0x0b68 Initialize success
12:08:17.0566 0x0b68 ============================================================
|
|
04.03.2015, 16:25
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7, Adware eingefangen (Digisaver etc.) Neuen Scan mit TDSSKIller bitte. Die Banner sind im Moment das kleinere Übel
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.03.2015, 19:53
| #9 |
| | Windows 7, Adware eingefangen (Digisaver etc.) Guten Abend, hier das frische TDSS-Log: Code:
ATTFilter 19:43:26.0886 0x1a64 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:43:31.0826 0x1a64 ============================================================
19:43:31.0826 0x1a64 Current date / time: 2015/03/04 19:43:31.0826
19:43:31.0826 0x1a64 SystemInfo:
19:43:31.0826 0x1a64
19:43:31.0826 0x1a64 OS Version: 6.1.7601 ServicePack: 1.0
19:43:31.0826 0x1a64 Product type: Workstation
19:43:31.0826 0x1a64 ComputerName: PC
19:43:31.0826 0x1a64 UserName: Sonja
19:43:31.0826 0x1a64 Windows directory: C:\Windows
19:43:31.0826 0x1a64 System windows directory: C:\Windows
19:43:31.0826 0x1a64 Running under WOW64
19:43:31.0826 0x1a64 Processor architecture: Intel x64
19:43:31.0826 0x1a64 Number of processors: 4
19:43:31.0826 0x1a64 Page size: 0x1000
19:43:31.0826 0x1a64 Boot type: Normal boot
19:43:31.0826 0x1a64 ============================================================
19:43:31.0826 0x1a64 BG loaded
19:43:37.0786 0x1a64 System UUID: {0DA0F262-08EE-2711-F97B-1C91E59548AD}
19:43:40.0216 0x1a64 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:40.0296 0x1a64 ============================================================
19:43:40.0296 0x1a64 \Device\Harddisk0\DR0:
19:43:40.0296 0x1a64 MBR partitions:
19:43:40.0296 0x1a64 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
19:43:40.0296 0x1a64 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x22FFB800
19:43:40.0296 0x1a64 ============================================================
19:43:40.0896 0x1a64 C: <-> \Device\Harddisk0\DR0\Partition2
19:43:41.0156 0x1a64 ============================================================
19:43:41.0156 0x1a64 Initialize success
19:43:41.0156 0x1a64 ============================================================
19:43:53.0526 0x1c44 ============================================================
19:43:53.0526 0x1c44 Scan started
19:43:53.0526 0x1c44 Mode: Manual; SigCheck; TDLFS;
19:43:53.0526 0x1c44 ============================================================
19:43:53.0526 0x1c44 KSN ping started
19:44:07.0548 0x1c44 KSN ping finished: true
19:44:09.0148 0x1c44 ================ Scan system memory ========================
19:44:09.0148 0x1c44 System memory - ok
19:44:09.0148 0x1c44 ================ Scan services =============================
19:44:09.0578 0x1c44 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:44:09.0808 0x1c44 1394ohci - ok
19:44:10.0178 0x1c44 [ C8030D922511A926D0AA06B78C4B87A9, 6D093CE1F43249839D4A2C3D832A57A8358203F6F6BA9349AB1E7806701A9E1D ] acedrv06 C:\Windows\system32\drivers\acedrv06.sys
19:44:10.0368 0x1c44 acedrv06 - detected UnsignedFile.Multi.Generic ( 1 )
19:44:12.0968 0x1c44 Detect skipped due to KSN trusted
19:44:12.0968 0x1c44 acedrv06 - ok
19:44:13.0178 0x1c44 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:44:13.0198 0x1c44 ACPI - ok
19:44:13.0308 0x1c44 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:44:13.0578 0x1c44 AcpiPmi - ok
19:44:14.0048 0x1c44 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:44:14.0238 0x1c44 AdobeARMservice - ok
19:44:14.0638 0x1c44 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:44:14.0658 0x1c44 AdobeFlashPlayerUpdateSvc - ok
19:44:14.0738 0x1c44 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:44:14.0768 0x1c44 adp94xx - ok
19:44:14.0838 0x1c44 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:44:14.0868 0x1c44 adpahci - ok
19:44:14.0878 0x1c44 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:44:14.0903 0x1c44 adpu320 - ok
19:44:15.0030 0x1c44 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:44:15.0200 0x1c44 AeLookupSvc - ok
19:44:15.0340 0x1c44 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
19:44:15.0460 0x1c44 AFD - ok
19:44:15.0520 0x1c44 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
19:44:15.0530 0x1c44 agp440 - ok
19:44:15.0610 0x1c44 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
19:44:15.0690 0x1c44 ALG - ok
19:44:15.0760 0x1c44 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
19:44:15.0780 0x1c44 aliide - ok
19:44:15.0870 0x1c44 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
19:44:15.0910 0x1c44 amdide - ok
19:44:16.0030 0x1c44 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:44:16.0080 0x1c44 AmdK8 - ok
19:44:16.0080 0x1c44 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:44:16.0170 0x1c44 AmdPPM - ok
19:44:16.0190 0x1c44 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:44:16.0210 0x1c44 amdsata - ok
19:44:16.0270 0x1c44 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:44:16.0290 0x1c44 amdsbs - ok
19:44:16.0300 0x1c44 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:44:16.0310 0x1c44 amdxata - ok
19:44:16.0390 0x1c44 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\Windows\system32\drivers\appid.sys
19:44:16.0440 0x1c44 AppID - ok
19:44:16.0460 0x1c44 [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:44:16.0500 0x1c44 AppIDSvc - ok
19:44:16.0570 0x1c44 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
19:44:16.0620 0x1c44 Appinfo - ok
19:44:16.0690 0x1c44 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
19:44:16.0710 0x1c44 arc - ok
19:44:16.0710 0x1c44 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:44:16.0730 0x1c44 arcsas - ok
19:44:17.0180 0x1c44 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:44:17.0250 0x1c44 aspnet_state - ok
19:44:17.0360 0x1c44 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:17.0420 0x1c44 AsyncMac - ok
19:44:17.0510 0x1c44 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
19:44:17.0520 0x1c44 atapi - ok
19:44:17.0680 0x1c44 [ 956BC6EB96AA09478BD897AF8DF55A62, 07221CE77A08BF44AEEC5B65BD9991920853DD69592FFEAF86A63B70DB988796 ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:44:17.0960 0x1c44 athr - ok
19:44:18.0040 0x1c44 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:44:18.0160 0x1c44 AudioEndpointBuilder - ok
19:44:18.0180 0x1c44 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:44:18.0210 0x1c44 AudioSrv - ok
19:44:18.0290 0x1c44 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:44:18.0400 0x1c44 AxInstSV - ok
19:44:18.0510 0x1c44 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:44:18.0600 0x1c44 b06bdrv - ok
19:44:18.0680 0x1c44 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:44:18.0740 0x1c44 b57nd60a - ok
19:44:18.0810 0x1c44 [ A424CB46A145E5AABF15621550976DF2, B6CA183FD5ED72237D2DC1F599FD04A066C06A717A2CF63AF08D3AA0A227D7BA ] b57xdbd C:\Windows\system32\DRIVERS\b57xdbd.sys
19:44:18.0860 0x1c44 b57xdbd - ok
19:44:18.0910 0x1c44 [ BE4E6FD5A898812B85D5817AD9754A9F, 46A7C80283BE53F43A0D73DA3338461024DD002A7CF43660F9C7D640E0C72876 ] b57xdmp C:\Windows\system32\DRIVERS\b57xdmp.sys
19:44:18.0920 0x1c44 b57xdmp - ok
19:44:18.0980 0x1c44 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
19:44:19.0030 0x1c44 BDESVC - ok
19:44:19.0060 0x1c44 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
19:44:19.0110 0x1c44 Beep - ok
19:44:19.0230 0x1c44 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
19:44:19.0440 0x1c44 BFE - ok
19:44:19.0500 0x1c44 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
19:44:19.0732 0x1c44 BITS - ok
19:44:19.0812 0x1c44 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:44:19.0852 0x1c44 blbdrive - ok
19:44:19.0922 0x1c44 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:44:19.0952 0x1c44 bowser - ok
19:44:20.0002 0x1c44 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:44:20.0042 0x1c44 BrFiltLo - ok
19:44:20.0042 0x1c44 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:44:20.0062 0x1c44 BrFiltUp - ok
19:44:20.0122 0x1c44 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
19:44:20.0192 0x1c44 Browser - ok
19:44:20.0212 0x1c44 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:44:20.0292 0x1c44 Brserid - ok
19:44:20.0292 0x1c44 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:44:20.0362 0x1c44 BrSerWdm - ok
19:44:20.0362 0x1c44 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:44:20.0442 0x1c44 BrUsbMdm - ok
19:44:20.0442 0x1c44 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:44:20.0452 0x1c44 BrUsbSer - ok
19:44:20.0542 0x1c44 [ 0970D8B7151E9113BF8D44CE2E954DF7, D467DFFA1668F3BE29620154A13867568C25211ED823BE6A220D2DEE7E3A1278 ] bScsiMSa C:\Windows\system32\DRIVERS\bScsiMSa.sys
19:44:20.0552 0x1c44 bScsiMSa - ok
19:44:20.0632 0x1c44 [ 0C1EEE5AF32402D306874B110DE237EC, B0FE0F3B6A1E2C003E6F4B6330601C43126881262B328D7DD93AC2C0B714DC86 ] bScsiSDa C:\Windows\system32\DRIVERS\bScsiSDa.sys
19:44:20.0662 0x1c44 bScsiSDa - ok
19:44:20.0702 0x1c44 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:44:20.0782 0x1c44 BTHMODEM - ok
19:44:20.0852 0x1c44 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
19:44:20.0902 0x1c44 bthserv - ok
19:44:21.0682 0x1c44 [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
19:44:21.0742 0x1c44 c2cautoupdatesvc - ok
19:44:21.0962 0x1c44 [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
19:44:22.0042 0x1c44 c2cpnrsvc - ok
19:44:22.0102 0x1c44 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:44:22.0172 0x1c44 cdfs - ok
19:44:22.0282 0x1c44 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:44:22.0322 0x1c44 cdrom - ok
19:44:22.0412 0x1c44 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
19:44:22.0452 0x1c44 CertPropSvc - ok
19:44:22.0542 0x1c44 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
19:44:22.0582 0x1c44 circlass - ok
19:44:22.0622 0x1c44 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
19:44:22.0652 0x1c44 CLFS - ok
19:44:22.0772 0x1c44 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:44:22.0782 0x1c44 clr_optimization_v2.0.50727_32 - ok
19:44:22.0872 0x1c44 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:44:22.0882 0x1c44 clr_optimization_v2.0.50727_64 - ok
19:44:23.0052 0x1c44 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:44:23.0072 0x1c44 clr_optimization_v4.0.30319_32 - ok
19:44:23.0112 0x1c44 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:44:23.0132 0x1c44 clr_optimization_v4.0.30319_64 - ok
19:44:23.0182 0x1c44 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:44:23.0212 0x1c44 CmBatt - ok
19:44:23.0252 0x1c44 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:44:23.0262 0x1c44 cmdide - ok
19:44:23.0312 0x1c44 [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG C:\Windows\system32\Drivers\cng.sys
19:44:23.0392 0x1c44 CNG - ok
19:44:23.0452 0x1c44 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:44:23.0462 0x1c44 Compbatt - ok
19:44:23.0532 0x1c44 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:44:23.0572 0x1c44 CompositeBus - ok
19:44:23.0592 0x1c44 COMSysApp - ok
19:44:23.0622 0x1c44 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:44:23.0632 0x1c44 crcdisk - ok
19:44:23.0702 0x1c44 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:44:23.0762 0x1c44 CryptSvc - ok
19:44:24.0042 0x1c44 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:44:24.0182 0x1c44 cvhsvc - ok
19:44:24.0272 0x1c44 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:44:24.0372 0x1c44 DcomLaunch - ok
19:44:24.0432 0x1c44 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
19:44:24.0512 0x1c44 defragsvc - ok
19:44:24.0572 0x1c44 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:44:24.0632 0x1c44 DfsC - ok
19:44:24.0692 0x1c44 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:44:24.0762 0x1c44 Dhcp - ok
19:44:24.0772 0x1c44 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
19:44:24.0832 0x1c44 discache - ok
19:44:24.0922 0x1c44 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
19:44:24.0932 0x1c44 Disk - ok
19:44:25.0012 0x1c44 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:44:25.0072 0x1c44 Dnscache - ok
19:44:25.0092 0x1c44 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
19:44:25.0172 0x1c44 dot3svc - ok
19:44:25.0242 0x1c44 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
19:44:25.0282 0x1c44 DPS - ok
19:44:25.0392 0x1c44 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:44:25.0412 0x1c44 drmkaud - ok
19:44:25.0552 0x1c44 [ 9DD3A22F804697606C2B7FF9E912FF6B, BBE2FC0D554030BA9E3A96CC4A360D61DBCCAA1D81BD7547809F29A3AF0B3A25 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:44:25.0572 0x1c44 DsiWMIService - ok
19:44:25.0652 0x1c44 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:44:25.0702 0x1c44 DXGKrnl - ok
19:44:25.0782 0x1c44 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] e47f97f2 C:\Windows\system32\rundll32.exe
19:44:25.0812 0x1c44 e47f97f2 - ok
19:44:25.0892 0x1c44 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
19:44:25.0952 0x1c44 EapHost - ok
19:44:26.0282 0x1c44 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:44:26.0572 0x1c44 ebdrv - ok
19:44:26.0652 0x1c44 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS C:\Windows\System32\lsass.exe
19:44:26.0732 0x1c44 EFS - ok
19:44:26.0812 0x1c44 [ 5332EC2BA1C112BD4BB1F38127848FEF, 156585CE4011546B20EDD20D04E639A0788B1DE6455B23B94E2CD31BA725FE3C ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
19:44:26.0822 0x1c44 EgisTec Ticket Service - ok
19:44:26.0952 0x1c44 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:44:27.0042 0x1c44 ehRecvr - ok
19:44:27.0102 0x1c44 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
19:44:27.0142 0x1c44 ehSched - ok
19:44:27.0222 0x1c44 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:44:27.0252 0x1c44 elxstor - ok
19:44:27.0422 0x1c44 [ 48425C93B6F36529707206E4FA680CF3, 328BD59DEDFAD359EF79CCFBC2AD3E9C95657EC616AE0611F5EFEB34B810692A ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
19:44:27.0492 0x1c44 ePowerSvc - ok
19:44:27.0522 0x1c44 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:44:27.0552 0x1c44 ErrDev - ok
19:44:27.0622 0x1c44 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
19:44:27.0672 0x1c44 EventSystem - ok
19:44:27.0722 0x1c44 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
19:44:27.0792 0x1c44 exfat - ok
19:44:27.0852 0x1c44 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:44:27.0892 0x1c44 fastfat - ok
19:44:27.0972 0x1c44 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
19:44:28.0072 0x1c44 Fax - ok
19:44:28.0132 0x1c44 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
19:44:28.0142 0x1c44 fdc - ok
19:44:28.0212 0x1c44 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
19:44:28.0262 0x1c44 fdPHost - ok
19:44:28.0322 0x1c44 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
19:44:28.0382 0x1c44 FDResPub - ok
19:44:28.0432 0x1c44 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:44:28.0442 0x1c44 FileInfo - ok
19:44:28.0462 0x1c44 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:44:28.0532 0x1c44 Filetrace - ok
19:44:28.0622 0x1c44 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:44:28.0652 0x1c44 FLEXnet Licensing Service - ok
19:44:28.0732 0x1c44 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:44:28.0762 0x1c44 flpydisk - ok
19:44:28.0802 0x1c44 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:44:28.0822 0x1c44 FltMgr - ok
19:44:29.0032 0x1c44 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
19:44:29.0172 0x1c44 FontCache - ok
19:44:29.0222 0x1c44 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:44:29.0232 0x1c44 FontCache3.0.0.0 - ok
19:44:29.0252 0x1c44 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:44:29.0262 0x1c44 FsDepends - ok
19:44:29.0292 0x1c44 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:44:29.0302 0x1c44 Fs_Rec - ok
19:44:29.0392 0x1c44 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:44:29.0412 0x1c44 fvevol - ok
19:44:29.0502 0x1c44 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:44:29.0522 0x1c44 gagp30kx - ok
19:44:29.0872 0x1c44 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
19:44:29.0982 0x1c44 gpsvc - ok
19:44:30.0122 0x1c44 [ C9B2D1D3F86FD3673EF847DEF73B6F9E, 9D3822A6464F685F770F8D02A8AE623A676888F135E8425C3BAF1CC077429A7F ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
19:44:30.0132 0x1c44 GREGService - ok
19:44:30.0352 0x1c44 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:30.0362 0x1c44 gupdate - ok
19:44:30.0422 0x1c44 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:30.0432 0x1c44 gupdatem - ok
19:44:30.0482 0x1c44 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:44:30.0502 0x1c44 gusvc - ok
19:44:30.0552 0x1c44 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:44:30.0602 0x1c44 hcw85cir - ok
19:44:30.0692 0x1c44 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:44:30.0802 0x1c44 HdAudAddService - ok
19:44:30.0872 0x1c44 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:44:30.0902 0x1c44 HDAudBus - ok
19:44:30.0942 0x1c44 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:44:30.0972 0x1c44 HidBatt - ok
19:44:31.0012 0x1c44 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:44:31.0052 0x1c44 HidBth - ok
19:44:31.0052 0x1c44 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
19:44:31.0132 0x1c44 HidIr - ok
19:44:31.0172 0x1c44 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
19:44:31.0232 0x1c44 hidserv - ok
19:44:31.0352 0x1c44 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:44:31.0372 0x1c44 HidUsb - ok
19:44:31.0402 0x1c44 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:44:31.0452 0x1c44 hkmsvc - ok
19:44:31.0522 0x1c44 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:44:31.0582 0x1c44 HomeGroupListener - ok
19:44:31.0612 0x1c44 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:44:31.0652 0x1c44 HomeGroupProvider - ok
19:44:31.0712 0x1c44 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:44:31.0722 0x1c44 HpSAMD - ok
19:44:32.0622 0x1c44 HPSLPSVC - ok
19:44:32.0702 0x1c44 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:44:32.0822 0x1c44 HTTP - ok
19:44:32.0912 0x1c44 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:44:32.0922 0x1c44 hwpolicy - ok
19:44:33.0012 0x1c44 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:44:33.0022 0x1c44 i8042prt - ok
19:44:33.0122 0x1c44 [ 26CF4275034214ECEDD8EC17B0A18A99, 95A08C63971C28F1BC97040C0ADA247E3B43DE7D937B14E33A394B955D0AC8B7 ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:44:33.0212 0x1c44 iaStor - ok
19:44:33.0322 0x1c44 [ E79A8E33BD136D14BAE1FA20EB2EF124, 54AD784570282FEF21021BE76C57EE878EC6FF6423CE2FFC3A4372AF6C3112D4 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:44:33.0332 0x1c44 IAStorDataMgrSvc - ok
19:44:33.0402 0x1c44 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:44:33.0432 0x1c44 iaStorV - ok
19:44:33.0502 0x1c44 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:44:33.0562 0x1c44 idsvc - ok
19:44:33.0572 0x1c44 IEEtwCollectorService - ok
19:44:34.0102 0x1c44 [ 9937600A1584FF00565D5379EB4C9EDB, CF03333E9E7BD940B27194A9CF21ED8A6A10B698B545A898291976F650FC2675 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:44:34.0728 0x1c44 igfx - ok
19:44:34.0858 0x1c44 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:44:34.0868 0x1c44 iirsp - ok
19:44:34.0978 0x1c44 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
19:44:35.0088 0x1c44 IKEEXT - ok
19:44:35.0309 0x1c44 [ CB7DADEF3D83FE2C12655A0BDCBA99F2, AD55A578986F008ED01635D3BB26414D71F418640099BFA92D9CABAB6A88E01D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:44:35.0460 0x1c44 IntcAzAudAddService - ok
19:44:35.0580 0x1c44 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:44:35.0620 0x1c44 IntcDAud - ok
19:44:35.0660 0x1c44 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
19:44:35.0670 0x1c44 intelide - ok
19:44:35.0740 0x1c44 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:44:35.0770 0x1c44 intelppm - ok
19:44:35.0820 0x1c44 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:44:35.0880 0x1c44 IPBusEnum - ok
19:44:35.0930 0x1c44 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:35.0970 0x1c44 IpFilterDriver - ok
19:44:36.0090 0x1c44 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:44:36.0190 0x1c44 iphlpsvc - ok
19:44:36.0220 0x1c44 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:44:36.0250 0x1c44 IPMIDRV - ok
19:44:36.0280 0x1c44 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:44:36.0350 0x1c44 IPNAT - ok
19:44:36.0450 0x1c44 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:44:36.0490 0x1c44 IRENUM - ok
19:44:36.0490 0x1c44 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:44:36.0500 0x1c44 isapnp - ok
19:44:36.0580 0x1c44 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:44:36.0600 0x1c44 iScsiPrt - ok
19:44:36.0680 0x1c44 [ 455B75C19BF3F1F2EE3AC10E1169826C, C8CE6DE48E0B4621F2851A994261FA787556A27F9868A8859E5E8A8354028257 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
19:44:36.0700 0x1c44 k57nd60a - ok
19:44:36.0800 0x1c44 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:44:36.0810 0x1c44 kbdclass - ok
19:44:36.0840 0x1c44 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:44:36.0880 0x1c44 kbdhid - ok
19:44:36.0890 0x1c44 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso C:\Windows\system32\lsass.exe
19:44:36.0900 0x1c44 KeyIso - ok
19:44:36.0950 0x1c44 [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:44:36.0960 0x1c44 KSecDD - ok
19:44:37.0010 0x1c44 [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:44:37.0030 0x1c44 KSecPkg - ok
19:44:37.0050 0x1c44 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:44:37.0080 0x1c44 ksthunk - ok
19:44:37.0280 0x1c44 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
19:44:37.0330 0x1c44 KtmRm - ok
19:44:37.0420 0x1c44 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:44:37.0490 0x1c44 LanmanServer - ok
19:44:37.0560 0x1c44 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:44:37.0620 0x1c44 LanmanWorkstation - ok
19:44:37.0730 0x1c44 [ 93B73DED2BC688F140C6AE2FBAD45789, B6859BC5D309B99BCCDC3717108B714497AAE9C5B26CE5B201344A41FC4CFF9D ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
19:44:37.0750 0x1c44 Live Updater Service - ok
19:44:37.0830 0x1c44 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:44:37.0890 0x1c44 lltdio - ok
19:44:37.0990 0x1c44 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:44:38.0080 0x1c44 lltdsvc - ok
19:44:38.0130 0x1c44 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:44:38.0180 0x1c44 lmhosts - ok
19:44:38.0280 0x1c44 [ 50C7CE53EF461870410355F1F2E7D515, D6E84C63D74E4603D37FD7CC88BF51DE23CD17DB1D1AD4ADBED62F949F3C470C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:44:38.0300 0x1c44 LMS - ok
19:44:38.0390 0x1c44 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:44:38.0400 0x1c44 LSI_FC - ok
19:44:38.0410 0x1c44 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:44:38.0420 0x1c44 LSI_SAS - ok
19:44:38.0430 0x1c44 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:44:38.0440 0x1c44 LSI_SAS2 - ok
19:44:38.0450 0x1c44 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:44:38.0460 0x1c44 LSI_SCSI - ok
19:44:38.0570 0x1c44 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
19:44:38.0640 0x1c44 luafv - ok
19:44:38.0690 0x1c44 McAfee SiteAdvisor Service - ok
19:44:38.0730 0x1c44 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:44:38.0740 0x1c44 Mcx2Svc - ok
19:44:38.0750 0x1c44 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
19:44:38.0760 0x1c44 megasas - ok
19:44:38.0870 0x1c44 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:44:38.0890 0x1c44 MegaSR - ok
19:44:38.0970 0x1c44 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:44:38.0980 0x1c44 MEIx64 - ok
19:44:38.0990 0x1c44 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
19:44:39.0060 0x1c44 MMCSS - ok
19:44:39.0060 0x1c44 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
19:44:39.0140 0x1c44 Modem - ok
19:44:39.0210 0x1c44 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:44:39.0220 0x1c44 monitor - ok
19:44:39.0280 0x1c44 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:44:39.0310 0x1c44 mouclass - ok
19:44:39.0310 0x1c44 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\drivers\mouhid.sys
19:44:39.0360 0x1c44 mouhid - ok
19:44:39.0400 0x1c44 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:44:39.0420 0x1c44 mountmgr - ok
19:44:39.0520 0x1c44 [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:44:39.0530 0x1c44 MozillaMaintenance - ok
19:44:39.0590 0x1c44 [ FBA4CDA6B3B00D7A116DCC2B5C7E9790, FE909159323290555971F031E7911DCCD035B873E630A230A660C13D57719206 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:44:39.0620 0x1c44 MpFilter - ok
19:44:39.0630 0x1c44 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
19:44:39.0653 0x1c44 mpio - ok
19:44:39.0722 0x1c44 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:44:39.0772 0x1c44 mpsdrv - ok
19:44:39.0822 0x1c44 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:44:39.0972 0x1c44 MpsSvc - ok
19:44:40.0012 0x1c44 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:44:40.0072 0x1c44 MRxDAV - ok
19:44:40.0102 0x1c44 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:44:40.0132 0x1c44 mrxsmb - ok
19:44:40.0162 0x1c44 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:44:40.0212 0x1c44 mrxsmb10 - ok
19:44:40.0242 0x1c44 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:44:40.0272 0x1c44 mrxsmb20 - ok
19:44:40.0322 0x1c44 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
19:44:40.0332 0x1c44 msahci - ok
19:44:40.0362 0x1c44 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:44:40.0382 0x1c44 msdsm - ok
19:44:40.0472 0x1c44 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
19:44:40.0512 0x1c44 MSDTC - ok
19:44:40.0542 0x1c44 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:44:40.0602 0x1c44 Msfs - ok
19:44:40.0622 0x1c44 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:44:40.0652 0x1c44 mshidkmdf - ok
19:44:40.0682 0x1c44 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:44:40.0692 0x1c44 msisadrv - ok
19:44:40.0822 0x1c44 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:44:40.0892 0x1c44 MSiSCSI - ok
19:44:40.0892 0x1c44 msiserver - ok
19:44:40.0972 0x1c44 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:44:41.0002 0x1c44 MSKSSRV - ok
19:44:41.0392 0x1c44 [ F46BA4E7F4A34295B20917CD77F6CEC9, 1A91AC1AC1FBFC6922D0430D752240A91C9001373B1F84F960FDE0AC062A411A ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:44:41.0402 0x1c44 MsMpSvc - ok
19:44:41.0472 0x1c44 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:44:41.0502 0x1c44 MSPCLOCK - ok
19:44:41.0532 0x1c44 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:44:41.0592 0x1c44 MSPQM - ok
19:44:41.0672 0x1c44 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:44:41.0692 0x1c44 MsRPC - ok
19:44:41.0722 0x1c44 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:44:41.0732 0x1c44 mssmbios - ok
19:44:41.0752 0x1c44 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:44:41.0822 0x1c44 MSTEE - ok
19:44:41.0842 0x1c44 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:44:41.0882 0x1c44 MTConfig - ok
19:44:41.0912 0x1c44 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
19:44:41.0922 0x1c44 Mup - ok
19:44:42.0062 0x1c44 [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
19:44:42.0072 0x1c44 mwlPSDFilter - ok
19:44:42.0102 0x1c44 [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
19:44:42.0112 0x1c44 mwlPSDNServ - ok
19:44:42.0162 0x1c44 [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
19:44:42.0172 0x1c44 mwlPSDVDisk - ok
19:44:42.0352 0x1c44 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
19:44:42.0442 0x1c44 napagent - ok
19:44:42.0612 0x1c44 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:44:42.0662 0x1c44 NativeWifiP - ok
19:44:42.0832 0x1c44 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
19:44:42.0872 0x1c44 NDIS - ok
19:44:42.0962 0x1c44 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:44:43.0002 0x1c44 NdisCap - ok
19:44:43.0342 0x1c44 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:44:43.0412 0x1c44 NdisTapi - ok
19:44:44.0681 0x1c44 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:44:44.0739 0x1c44 Ndisuio - ok
19:44:44.0906 0x1c44 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:44:45.0098 0x1c44 NdisWan - ok
19:44:45.0148 0x1c44 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:44:45.0198 0x1c44 NDProxy - ok
19:44:45.0528 0x1c44 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:44:45.0638 0x1c44 NetBIOS - ok
19:44:45.0718 0x1c44 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:44:46.0028 0x1c44 NetBT - ok
19:44:46.0098 0x1c44 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon C:\Windows\system32\lsass.exe
19:44:46.0108 0x1c44 Netlogon - ok
19:44:46.0228 0x1c44 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
19:44:46.0288 0x1c44 Netman - ok
19:44:47.0658 0x1c44 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:47.0678 0x1c44 NetMsmqActivator - ok
19:44:47.0688 0x1c44 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:47.0698 0x1c44 NetPipeActivator - ok
19:44:47.0838 0x1c44 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
19:44:49.0188 0x1c44 netprofm - ok
19:44:49.0408 0x1c44 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:49.0428 0x1c44 NetTcpActivator - ok
19:44:49.0438 0x1c44 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:49.0458 0x1c44 NetTcpPortSharing - ok
19:44:49.0558 0x1c44 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:44:49.0568 0x1c44 nfrd960 - ok
19:44:49.0668 0x1c44 [ E10B84385C3FEEF4BDE8E6A980535522, 56D9E47B76CDABE45E64C9E74DCBCC2F7C07A44519ED938BD730018C48445614 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:44:49.0688 0x1c44 NisDrv - ok
19:44:50.0220 0x1c44 [ 9BF50324444C46997C2492D505B47F2D, 42C74456C64F7D688E0911255746BD2A52A3590AED22B24F7E385760D720B8E9 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:44:50.0260 0x1c44 NisSrv - ok
19:44:50.0372 0x1c44 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
19:44:50.0624 0x1c44 NlaSvc - ok
19:44:51.0646 0x1c44 [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:44:51.0806 0x1c44 NOBU - ok
19:44:51.0906 0x1c44 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:44:51.0976 0x1c44 Npfs - ok
19:44:52.0066 0x1c44 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
19:44:52.0166 0x1c44 nsi - ok
19:44:52.0216 0x1c44 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:44:52.0256 0x1c44 nsiproxy - ok
19:44:52.0676 0x1c44 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:44:52.0756 0x1c44 Ntfs - ok
19:44:53.0036 0x1c44 [ 1873214666F6F0A883742DF91FBC48C9, DCF5382CE338D4B5B0C3A3B722A19B6C7BAB59EB7B266FEF04698B79070E2C4B ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
19:44:53.0316 0x1c44 NTI IScheduleSvc - ok
19:44:53.0356 0x1c44 [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
19:44:53.0366 0x1c44 NTIDrvr - ok
19:44:53.0376 0x1c44 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
19:44:53.0436 0x1c44 Null - ok
19:44:54.0318 0x1c44 [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:44:54.0943 0x1c44 nvlddmkm - ok
19:44:55.0012 0x1c44 [ F76296368BB813E0C6996501A3271C7C, FA1C127F881C09C5066CB83A686AFD7A40D731922185EA4001A52ABA230FD812 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
19:44:55.0032 0x1c44 nvpciflt - ok
19:44:55.0122 0x1c44 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:44:55.0134 0x1c44 nvraid - ok
19:44:55.0144 0x1c44 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:44:55.0164 0x1c44 nvstor - ok
19:44:55.0366 0x1c44 [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc C:\Windows\system32\nvvsvc.exe
19:44:55.0432 0x1c44 nvsvc - ok
19:44:55.0688 0x1c44 [ C63E582366EAD77978BFFD959A66DBB8, BBAC11300AFED29291A08EEC8A740DA67C8C003AF89D06F9E0671CCF0E7908A0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:44:55.0766 0x1c44 nvUpdatusService - ok
19:44:55.0800 0x1c44 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:44:55.0820 0x1c44 nv_agp - ok
19:44:55.0840 0x1c44 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:44:55.0890 0x1c44 ohci1394 - ok
19:44:56.0090 0x1c44 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:44:56.0270 0x1c44 ose - ok
19:44:56.0800 0x1c44 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:44:57.0092 0x1c44 osppsvc - ok
19:44:57.0224 0x1c44 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:44:57.0304 0x1c44 p2pimsvc - ok
19:44:57.0396 0x1c44 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
19:44:57.0476 0x1c44 p2psvc - ok
19:44:57.0516 0x1c44 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
19:44:57.0556 0x1c44 Parport - ok
19:44:57.0596 0x1c44 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:44:57.0606 0x1c44 partmgr - ok
19:44:57.0706 0x1c44 [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:44:57.0736 0x1c44 PcaSvc - ok
19:44:57.0776 0x1c44 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
19:44:57.0796 0x1c44 pci - ok
19:44:57.0846 0x1c44 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
19:44:57.0866 0x1c44 pciide - ok
19:44:57.0956 0x1c44 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:44:57.0976 0x1c44 pcmcia - ok
19:44:58.0026 0x1c44 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
19:44:58.0046 0x1c44 pcw - ok
19:44:58.0256 0x1c44 [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
19:44:58.0458 0x1c44 PDF Architect Helper Service - ok
19:44:58.0778 0x1c44 [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
19:44:58.0918 0x1c44 PDF Architect Service - ok
19:44:59.0028 0x1c44 [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:44:59.0158 0x1c44 PEAUTH - ok
19:44:59.0358 0x1c44 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:44:59.0428 0x1c44 PerfHost - ok
19:44:59.0588 0x1c44 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
19:44:59.0702 0x1c44 pla - ok
19:44:59.0814 0x1c44 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:44:59.0914 0x1c44 PlugPlay - ok
19:44:59.0984 0x1c44 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:45:00.0044 0x1c44 PNRPAutoReg - ok
19:45:00.0134 0x1c44 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:45:00.0164 0x1c44 PNRPsvc - ok
19:45:00.0256 0x1c44 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:45:00.0358 0x1c44 PolicyAgent - ok
19:45:00.0440 0x1c44 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
19:45:00.0520 0x1c44 Power - ok
19:45:00.0630 0x1c44 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:45:00.0710 0x1c44 PptpMiniport - ok
19:45:00.0740 0x1c44 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
19:45:00.0810 0x1c44 Processor - ok
19:45:00.0890 0x1c44 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
19:45:00.0970 0x1c44 ProfSvc - ok
19:45:01.0030 0x1c44 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:45:01.0040 0x1c44 ProtectedStorage - ok
19:45:01.0140 0x1c44 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:45:01.0210 0x1c44 Psched - ok
19:45:01.0330 0x1c44 [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
19:45:01.0360 0x1c44 PSI - ok
19:45:01.0570 0x1c44 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:45:01.0680 0x1c44 ql2300 - ok
19:45:01.0690 0x1c44 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:45:01.0710 0x1c44 ql40xx - ok
19:45:01.0750 0x1c44 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
19:45:01.0790 0x1c44 QWAVE - ok
19:45:01.0820 0x1c44 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:45:01.0850 0x1c44 QWAVEdrv - ok
19:45:01.0850 0x1c44 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:45:01.0942 0x1c44 RasAcd - ok
19:45:02.0012 0x1c44 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:45:02.0082 0x1c44 RasAgileVpn - ok
19:45:02.0162 0x1c44 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
19:45:02.0212 0x1c44 RasAuto - ok
19:45:02.0262 0x1c44 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:45:02.0332 0x1c44 Rasl2tp - ok
19:45:02.0472 0x1c44 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
19:45:02.0544 0x1c44 RasMan - ok
19:45:02.0584 0x1c44 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:45:02.0624 0x1c44 RasPppoe - ok
19:45:02.0734 0x1c44 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:45:02.0814 0x1c44 RasSstp - ok
19:45:02.0864 0x1c44 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:45:02.0954 0x1c44 rdbss - ok
19:45:02.0994 0x1c44 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:45:03.0014 0x1c44 rdpbus - ok
19:45:03.0034 0x1c44 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:45:03.0104 0x1c44 RDPCDD - ok
19:45:03.0214 0x1c44 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:45:03.0264 0x1c44 RDPENCDD - ok
19:45:03.0304 0x1c44 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:45:03.0344 0x1c44 RDPREFMP - ok
19:45:03.0494 0x1c44 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:45:03.0554 0x1c44 RdpVideoMiniport - ok
19:45:03.0654 0x1c44 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:45:03.0714 0x1c44 RDPWD - ok
19:45:03.0784 0x1c44 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:45:03.0804 0x1c44 rdyboost - ok
19:45:03.0884 0x1c44 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:45:03.0934 0x1c44 RemoteAccess - ok
19:45:04.0034 0x1c44 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:45:04.0134 0x1c44 RemoteRegistry - ok
19:45:04.0194 0x1c44 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:45:04.0274 0x1c44 RpcEptMapper - ok
19:45:04.0344 0x1c44 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
19:45:04.0364 0x1c44 RpcLocator - ok
19:45:04.0524 0x1c44 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
19:45:04.0597 0x1c44 RpcSs - ok
19:45:04.0656 0x1c44 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:45:04.0710 0x1c44 rspndr - ok
19:45:04.0728 0x1c44 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs C:\Windows\system32\lsass.exe
19:45:04.0748 0x1c44 SamSs - ok
19:45:04.0789 0x1c44 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:45:04.0800 0x1c44 sbp2port - ok
19:45:04.0930 0x1c44 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:45:04.0999 0x1c44 SCardSvr - ok
19:45:05.0019 0x1c44 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:45:05.0062 0x1c44 scfilter - ok
19:45:05.0494 0x1c44 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
19:45:05.0626 0x1c44 Schedule - ok
19:45:05.0676 0x1c44 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:45:05.0726 0x1c44 SCPolicySvc - ok
19:45:05.0766 0x1c44 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:45:05.0806 0x1c44 sdbus - ok
19:45:05.0856 0x1c44 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:45:05.0926 0x1c44 SDRSVC - ok
19:45:06.0036 0x1c44 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:45:06.0116 0x1c44 secdrv - ok
19:45:06.0176 0x1c44 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
19:45:06.0236 0x1c44 seclogon - ok
19:45:06.0686 0x1c44 [ DA6C0E0B15CD0B135FD385AEABAE3A4C, 1DBED093D4BD1E800828D8E0EB19EDA7FD1E963AABD4F71D61F1AD04F669290F ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
19:45:06.0816 0x1c44 Secunia PSI Agent - ok
19:45:06.0976 0x1c44 [ 71761EDC432A0E39CF621105884E738E, 935133326B794F6DEAA97B9B6B6295AC6A884C3B73ABCD5662A79CEAD8EEA5EE ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
19:45:07.0140 0x1c44 Secunia Update Agent - ok
19:45:07.0200 0x1c44 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
19:45:07.0260 0x1c44 SENS - ok
19:45:07.0280 0x1c44 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:45:07.0362 0x1c44 SensrSvc - ok
19:45:07.0432 0x1c44 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:45:07.0462 0x1c44 Serenum - ok
19:45:07.0562 0x1c44 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
19:45:07.0602 0x1c44 Serial - ok
19:45:07.0612 0x1c44 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:45:07.0632 0x1c44 sermouse - ok
19:45:07.0682 0x1c44 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
19:45:07.0742 0x1c44 SessionEnv - ok
19:45:07.0742 0x1c44 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:45:07.0762 0x1c44 sffdisk - ok
19:45:07.0772 0x1c44 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:45:07.0792 0x1c44 sffp_mmc - ok
19:45:07.0844 0x1c44 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:45:07.0924 0x1c44 sffp_sd - ok
19:45:07.0964 0x1c44 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:45:08.0204 0x1c44 sfloppy - ok
19:45:10.0748 0x1c44 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:45:10.0898 0x1c44 Sftfs - ok
19:45:11.0198 0x1c44 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:45:11.0248 0x1c44 sftlist - ok
19:45:11.0448 0x1c44 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:45:11.0468 0x1c44 Sftplay - ok
19:45:11.0548 0x1c44 [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:45:11.0558 0x1c44 Sftredir - ok
19:45:11.0588 0x1c44 [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:45:11.0598 0x1c44 Sftvol - ok
19:45:11.0718 0x1c44 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:45:11.0738 0x1c44 sftvsa - ok
19:45:11.0848 0x1c44 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:45:11.0888 0x1c44 SharedAccess - ok
19:45:11.0998 0x1c44 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:45:12.0078 0x1c44 ShellHWDetection - ok
19:45:12.0168 0x1c44 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:45:12.0188 0x1c44 SiSRaid2 - ok
19:45:12.0208 0x1c44 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:45:12.0218 0x1c44 SiSRaid4 - ok
19:45:12.0288 0x1c44 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:45:12.0328 0x1c44 Smb - ok
19:45:12.0498 0x1c44 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:45:12.0548 0x1c44 SNMPTRAP - ok
19:45:12.0578 0x1c44 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
19:45:12.0588 0x1c44 spldr - ok
19:45:12.0698 0x1c44 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
19:45:12.0788 0x1c44 Spooler - ok
19:45:13.0068 0x1c44 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
19:45:13.0238 0x1c44 sppsvc - ok
19:45:13.0298 0x1c44 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:45:13.0388 0x1c44 sppuinotify - ok
19:45:13.0428 0x1c44 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:45:13.0538 0x1c44 srv - ok
19:45:13.0568 0x1c44 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:45:13.0618 0x1c44 srv2 - ok
19:45:13.0648 0x1c44 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:45:13.0698 0x1c44 srvnet - ok
19:45:13.0758 0x1c44 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:45:13.0798 0x1c44 SSDPSRV - ok
19:45:13.0848 0x1c44 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:45:13.0888 0x1c44 SstpSvc - ok
19:45:13.0908 0x1c44 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:45:13.0918 0x1c44 stexstor - ok
19:45:14.0038 0x1c44 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\drivers\serscan.sys
19:45:14.0098 0x1c44 StillCam - ok
19:45:14.0358 0x1c44 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
19:45:14.0398 0x1c44 stisvc - ok
19:45:14.0468 0x1c44 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
19:45:14.0478 0x1c44 swenum - ok
19:45:14.0558 0x1c44 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
19:45:14.0618 0x1c44 swprv - ok
19:45:15.0088 0x1c44 [ EF51B22706DB03F0857FADE127C804EC, F3A97B8D94E96ACF93448CDF33DED97B076C3D8FFE42E9EAD088EE662306277B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:45:15.0138 0x1c44 SynTP - ok
19:45:15.0708 0x1c44 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
19:45:15.0828 0x1c44 SysMain - ok
19:45:15.0888 0x1c44 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:45:15.0908 0x1c44 TabletInputService - ok
19:45:16.0058 0x1c44 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:45:16.0128 0x1c44 TapiSrv - ok
19:45:16.0218 0x1c44 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
19:45:16.0278 0x1c44 TBS - ok
19:45:16.0478 0x1c44 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:45:16.0598 0x1c44 Tcpip - ok
19:45:16.0728 0x1c44 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:45:16.0808 0x1c44 TCPIP6 - ok
19:45:16.0908 0x1c44 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:45:16.0948 0x1c44 tcpipreg - ok
19:45:17.0028 0x1c44 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:45:17.0098 0x1c44 TDPIPE - ok
19:45:17.0128 0x1c44 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:45:17.0138 0x1c44 TDTCP - ok
19:45:17.0178 0x1c44 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:45:17.0238 0x1c44 tdx - ok
19:45:17.0258 0x1c44 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
19:45:17.0278 0x1c44 TermDD - ok
19:45:17.0608 0x1c44 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
19:45:17.0678 0x1c44 TermService - ok
19:45:17.0708 0x1c44 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
19:45:17.0778 0x1c44 Themes - ok
19:45:17.0838 0x1c44 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
19:45:17.0878 0x1c44 THREADORDER - ok
19:45:17.0908 0x1c44 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
19:45:17.0988 0x1c44 TrkWks - ok
19:45:18.0148 0x1c44 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:45:18.0198 0x1c44 TrustedInstaller - ok
19:45:18.0308 0x1c44 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:18.0318 0x1c44 tssecsrv - ok
19:45:18.0378 0x1c44 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:45:18.0428 0x1c44 TsUsbFlt - ok
19:45:18.0478 0x1c44 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:45:18.0538 0x1c44 TsUsbGD - ok
19:45:18.0638 0x1c44 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:45:18.0718 0x1c44 tunnel - ok
19:45:18.0748 0x1c44 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:45:18.0758 0x1c44 uagp35 - ok
19:45:18.0788 0x1c44 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
19:45:18.0798 0x1c44 UBHelper - ok
19:45:18.0858 0x1c44 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:45:18.0898 0x1c44 udfs - ok
19:45:18.0948 0x1c44 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:45:18.0968 0x1c44 UI0Detect - ok
19:45:18.0988 0x1c44 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:45:19.0008 0x1c44 uliagpkx - ok
19:45:19.0118 0x1c44 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:45:19.0158 0x1c44 umbus - ok
19:45:19.0188 0x1c44 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
19:45:19.0208 0x1c44 UmPass - ok
19:45:19.0548 0x1c44 [ 374EBDA379A8F38E0CFC2211611E7167, 0D6C3002B28E27C052227488CEE69FA99399421FF777EB48031E6080A759F532 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:45:19.0714 0x1c44 UNS - ok
19:45:19.0870 0x1c44 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
19:45:19.0972 0x1c44 upnphost - ok
19:45:20.0032 0x1c44 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:20.0102 0x1c44 usbccgp - ok
19:45:20.0152 0x1c44 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:45:20.0202 0x1c44 usbcir - ok
19:45:20.0242 0x1c44 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:45:20.0282 0x1c44 usbehci - ok
19:45:20.0402 0x1c44 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:45:20.0422 0x1c44 usbhub - ok
19:45:20.0462 0x1c44 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:45:20.0512 0x1c44 usbohci - ok
19:45:20.0622 0x1c44 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:45:20.0642 0x1c44 usbprint - ok
19:45:20.0672 0x1c44 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:20.0722 0x1c44 USBSTOR - ok
19:45:20.0772 0x1c44 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:45:20.0782 0x1c44 usbuhci - ok
19:45:20.0852 0x1c44 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:45:20.0872 0x1c44 usbvideo - ok
19:45:20.0922 0x1c44 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
19:45:20.0992 0x1c44 UxSms - ok
19:45:21.0012 0x1c44 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc C:\Windows\system32\lsass.exe
19:45:21.0032 0x1c44 VaultSvc - ok
19:45:21.0102 0x1c44 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:45:21.0112 0x1c44 vdrvroot - ok
19:45:21.0362 0x1c44 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
19:45:21.0442 0x1c44 vds - ok
19:45:21.0552 0x1c44 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:21.0562 0x1c44 vga - ok
19:45:21.0592 0x1c44 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:45:21.0652 0x1c44 VgaSave - ok
19:45:21.0772 0x1c44 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:45:21.0782 0x1c44 vhdmp - ok
19:45:21.0812 0x1c44 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
19:45:21.0822 0x1c44 viaide - ok
19:45:21.0852 0x1c44 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:45:21.0872 0x1c44 volmgr - ok
19:45:21.0992 0x1c44 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:45:22.0012 0x1c44 volmgrx - ok
19:45:22.0152 0x1c44 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:45:22.0172 0x1c44 volsnap - ok
19:45:22.0322 0x1c44 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:45:22.0332 0x1c44 vsmraid - ok
19:45:22.0912 0x1c44 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
19:45:22.0992 0x1c44 VSS - ok
19:45:23.0022 0x1c44 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:45:23.0042 0x1c44 vwifibus - ok
19:45:23.0142 0x1c44 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:45:23.0192 0x1c44 vwififlt - ok
19:45:23.0302 0x1c44 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
19:45:23.0362 0x1c44 W32Time - ok
19:45:23.0472 0x1c44 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:45:23.0542 0x1c44 WacomPen - ok
19:45:23.0712 0x1c44 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:45:23.0752 0x1c44 WANARP - ok
19:45:23.0802 0x1c44 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:45:23.0842 0x1c44 Wanarpv6 - ok
19:45:24.0102 0x1c44 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
19:45:24.0192 0x1c44 wbengine - ok
19:45:24.0272 0x1c44 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:45:24.0292 0x1c44 WbioSrvc - ok
19:45:24.0422 0x1c44 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:45:24.0452 0x1c44 wcncsvc - ok
19:45:24.0492 0x1c44 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:45:24.0532 0x1c44 WcsPlugInService - ok
19:45:24.0602 0x1c44 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
19:45:24.0622 0x1c44 Wd - ok
19:45:24.0942 0x1c44 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:45:24.0994 0x1c44 Wdf01000 - ok
19:45:25.0064 0x1c44 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:45:25.0114 0x1c44 WdiServiceHost - ok
19:45:25.0124 0x1c44 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:45:25.0144 0x1c44 WdiSystemHost - ok
19:45:25.0254 0x1c44 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
19:45:25.0304 0x1c44 WebClient - ok
19:45:25.0374 0x1c44 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:45:25.0454 0x1c44 Wecsvc - ok
19:45:25.0484 0x1c44 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:45:25.0554 0x1c44 wercplsupport - ok
19:45:25.0654 0x1c44 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
19:45:25.0734 0x1c44 WerSvc - ok
19:45:25.0824 0x1c44 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:45:25.0854 0x1c44 WfpLwf - ok
19:45:25.0894 0x1c44 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:45:25.0914 0x1c44 WIMMount - ok
19:45:25.0984 0x1c44 WinDefend - ok
19:45:26.0034 0x1c44 WinHttpAutoProxySvc - ok
19:45:26.0284 0x1c44 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:45:26.0324 0x1c44 Winmgmt - ok
19:45:26.0514 0x1c44 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
19:45:26.0674 0x1c44 WinRM - ok
19:45:26.0964 0x1c44 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:45:27.0024 0x1c44 Wlansvc - ok
19:45:27.0184 0x1c44 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:45:27.0194 0x1c44 wlcrasvc - ok
19:45:27.0514 0x1c44 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:45:27.0664 0x1c44 wlidsvc - ok
19:45:27.0814 0x1c44 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:45:27.0824 0x1c44 WmiAcpi - ok
19:45:27.0914 0x1c44 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:45:27.0974 0x1c44 wmiApSrv - ok
19:45:28.0074 0x1c44 WMPNetworkSvc - ok
19:45:28.0154 0x1c44 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:45:28.0214 0x1c44 WPCSvc - ok
19:45:28.0224 0x1c44 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:45:28.0264 0x1c44 WPDBusEnum - ok
19:45:28.0304 0x1c44 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:45:28.0364 0x1c44 ws2ifsl - ok
19:45:28.0404 0x1c44 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
19:45:28.0454 0x1c44 wscsvc - ok
19:45:28.0454 0x1c44 WSearch - ok
19:45:28.0804 0x1c44 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
19:45:28.0934 0x1c44 wuauserv - ok
19:45:29.0054 0x1c44 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:45:29.0104 0x1c44 WudfPf - ok
19:45:29.0194 0x1c44 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:45:29.0224 0x1c44 WUDFRd - ok
19:45:29.0284 0x1c44 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:45:29.0314 0x1c44 wudfsvc - ok
19:45:29.0394 0x1c44 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:45:29.0434 0x1c44 WwanSvc - ok
19:45:29.0464 0x1c44 ================ Scan global ===============================
19:45:29.0534 0x1c44 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:45:29.0664 0x1c44 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:45:29.0694 0x1c44 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:45:29.0794 0x1c44 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:45:29.0954 0x1c44 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:45:29.0964 0x1c44 [ Global ] - ok
19:45:29.0964 0x1c44 ================ Scan MBR ==================================
19:45:29.0994 0x1c44 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:45:31.0622 0x1c44 \Device\Harddisk0\DR0 - ok
19:45:31.0622 0x1c44 ================ Scan VBR ==================================
19:45:31.0632 0x1c44 [ EF40068D07DC651A18753107D0A43527 ] \Device\Harddisk0\DR0\Partition1
19:45:31.0732 0x1c44 \Device\Harddisk0\DR0\Partition1 - ok
19:45:31.0752 0x1c44 [ 3D85220D32F89770771D54322D4730C6 ] \Device\Harddisk0\DR0\Partition2
19:45:31.0862 0x1c44 \Device\Harddisk0\DR0\Partition2 - ok
19:45:31.0862 0x1c44 ================ Scan generic autorun ======================
19:45:31.0972 0x1c44 [ BA9E8BF3E91C14DE99FDB1FA946D07AF, 9C3F5F52EE5B8D02B15EE18AA492FB110547A8DCDA3F8284A614F4E1A30F9BB1 ] C:\Windows\system32\igfxtray.exe
19:45:31.0982 0x1c44 IgfxTray - ok
19:45:32.0002 0x1c44 [ B20857C91A3E992A5AC93D8625C53CAE, ECB89856B267E2F4930CB7B404B51425C6375A47F864577C1A7B8B255278EC12 ] C:\Windows\system32\hkcmd.exe
19:45:32.0022 0x1c44 HotKeysCmds - ok
19:45:32.0042 0x1c44 [ 29E120E36791B2E620CC398847C28E12, 7C2904FEDD50F49447FD091D33BB3BFA5A2A684101ADB123BC2C08699320B912 ] C:\Windows\system32\igfxpers.exe
19:45:32.0062 0x1c44 Persistence - ok
19:45:32.0062 0x1c44 SynTPEnh - ok
19:45:33.0472 0x1c44 [ 5DADA908E14051D65DB1991CB0B1F58D, DC02EDA032CEC2241F302995BF010B0376D5421A3E97583CB8A13A80993290B4 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:45:34.0042 0x1c44 RtHDVCpl - ok
19:45:34.0372 0x1c44 [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
19:45:34.0542 0x1c44 RtHDVBg_Dolby - ok
19:45:35.0062 0x1c44 [ F0474296AC4E0E6BDE733C1B8513E41A, 2E54894FC1B422F0C520D11166204926D3994A3440037D655C73D66D7118859C ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
19:45:35.0163 0x1c44 Power Management - ok
19:45:35.0484 0x1c44 [ 87A4BA086E5B5DF0F36E3F6D7234D701, EE26338497E016A95CB5970777B7B7AC8FAEF4E491713D729EDEFBCDC9FBF4A4 ] c:\Program Files\Microsoft Security Client\msseces.exe
19:45:35.0534 0x1c44 MSC - ok
19:45:35.0734 0x1c44 [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
19:45:35.0814 0x1c44 Norton Online Backup - ok
19:45:36.0194 0x1c44 [ 0D360F06B168A6F37ACA9D9F958245DA, 0F37D510AE0A31503A359F65D5C04CD798B178A3A3E2601DFBAB6534B3C7C23C ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
19:45:36.0254 0x1c44 BackupManagerTray - ok
19:45:36.0564 0x1c44 [ 9ABC4E3B00CFA3A47D5569F5B49FE42F, 5D33CCE770BC9BC3AFA544A21F100A7F1E5A36577FDB30884160AC4BFE6A1838 ] C:\Program Files (x86)\Launch Manager\LManager.exe
19:45:36.0654 0x1c44 LManager - ok
19:45:36.0754 0x1c44 [ E6CC0FA3C1040C791EB3F4BA6C789411, 095D5965FEE00ACB6D8713B2E2772A409A84F42D85383AEAF5FC3E2E393DC07D ] C:\Dolby PCEE4\pcee4.exe
19:45:36.0804 0x1c44 Dolby Advanced Audio v2 - ok
19:45:36.0974 0x1c44 [ D35187E38B0BD6E116C2CE582CAC4273, B3C652E0875D4354ACE6F475BC84B4BCA41A1AD8AF5FBE9DE9A9B66B7FCC2756 ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
19:45:36.0994 0x1c44 SuiteTray - ok
19:45:36.0994 0x1c44 ZoneAlarm Installer - ok
19:45:37.0024 0x1c44 Download Protect - ok
19:45:37.0204 0x1c44 [ 39D5333A11EC3CB56F80D42312F2EE7C, B6CBF4BCCE9A506E1F669312DC3A92498B919E755B11783C434D72B8A886252F ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
19:45:37.0377 0x1c44 DivXMediaServer - detected UnsignedFile.Multi.Generic ( 1 )
19:45:39.0948 0x1c44 Detect skipped due to KSN trusted
19:45:39.0948 0x1c44 DivXMediaServer - ok
19:45:40.0378 0x1c44 [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
19:45:40.0448 0x1c44 DivXUpdate - ok
19:45:40.0648 0x1c44 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
19:45:40.0658 0x1c44 HP Software Update - ok
19:45:41.0018 0x1c44 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:45:41.0188 0x1c44 Sidebar - ok
19:45:41.0228 0x1c44 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:45:41.0248 0x1c44 mctadmin - ok
19:45:41.0248 0x1c44 IsMyWinLockerReboot - ok
19:45:41.0288 0x1c44 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:45:41.0338 0x1c44 Sidebar - ok
19:45:41.0348 0x1c44 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:45:41.0368 0x1c44 mctadmin - ok
19:45:41.0368 0x1c44 IsMyWinLockerReboot - ok
19:45:41.0418 0x1c44 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:45:41.0468 0x1c44 Sidebar - ok
19:45:41.0478 0x1c44 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:45:41.0508 0x1c44 mctadmin - ok
19:45:41.0718 0x1c44 [ 8E27F731A1BDED1B13DEBA9E54FE0B20, 326F0CFC75AD7E552DA5DD64964C06AC0AD6E71BF0D5F568C2AEE9206C2FD0BE ] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe
19:45:41.0728 0x1c44 ScrSav - ok
19:45:41.0758 0x1c44 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:45:41.0798 0x1c44 Sidebar - ok
19:45:41.0808 0x1c44 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:45:41.0828 0x1c44 mctadmin - ok
19:45:41.0828 0x1c44 IsMyWinLockerReboot - ok
19:45:42.0008 0x1c44 [ F911551E5B9B5029CF56A57E42A7AC90, 53F4C53C9B67505519215B6EA1F52DF47382A7196E662D470521B3706C7E1437 ] C:\Program Files (x86)\Lidl_Fotos\dd.exe
19:45:42.0278 0x1c44 Device Detection - ok
19:45:42.0728 0x1c44 [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
19:45:42.0908 0x1c44 HP Photosmart 5520 series (NET) - ok
19:45:42.0938 0x1c44 GoogleDriveSync - ok
19:45:46.0358 0x1c44 [ BC59AE9A62B28A31487BFD32373BCD5D, A57C1887558B0E652F69B60658E4A3F805E11FCC077DBE925985F3789D57A100 ] C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe
19:45:47.0558 0x1c44 Amazon Music - ok
19:45:47.0568 0x1c44 Waiting for KSN requests completion. In queue: 14
19:45:48.0568 0x1c44 Waiting for KSN requests completion. In queue: 14
19:45:49.0568 0x1c44 Waiting for KSN requests completion. In queue: 1
19:45:50.0568 0x1c44 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
19:45:50.0938 0x1c44 Win FW state via NFP2: enabled
19:45:53.0358 0x1c44 ============================================================
19:45:53.0358 0x1c44 Scan finished
19:45:53.0358 0x1c44 ============================================================
19:45:53.0358 0x1d90 Detected object count: 0
19:45:53.0368 0x1d90 Actual detected object count: 0
|
|
05.03.2015, 07:16
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7, Adware eingefangen (Digisaver etc.) hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.03.2015, 14:40
| #11 |
| | Windows 7, Adware eingefangen (Digisaver etc.) Hallo schrauber, hier das Combofix-Log, ist ganz glatt durchgelaufen: Code:
ATTFilter ComboFix 15-03-01.01 - Sonja 05.03.2015 14:18:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3948.2038 [GMT 1:00]
ausgeführt von:: c:\users\Sonja\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\Install.exe
c:\program files (x86)\CouPExtenssiion
c:\program files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.dat
c:\program files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.tlb
c:\program files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.x64.dll
c:\program files (x86)\DealuExpress
c:\program files (x86)\DealuExpress\lKKpUnz2d5pRII.dat
c:\program files (x86)\DealuExpress\lKKpUnz2d5pRII.tlb
c:\program files (x86)\DealuExpress\lKKpUnz2d5pRII.x64.dll
c:\program files (x86)\UNiDeals i
c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.dat
c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.exe
c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.tlb
c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.x64.dll
c:\programdata\14550590384833052901
c:\programdata\14550590384833052901\14e3ff1a5b63b70f8989e97ff6c777ce.ini
c:\programdata\14550590384833052901\33c7d529881794748989e97ff6c777ce.ini
c:\programdata\14550590384833052901\48b3953b525f68d78989e97ff6c777ce.ini
c:\programdata\14550590384833052901\cd5b15e575e1c3d08989e97ff6c777ce.ini
c:\programdata\14550590384833052901\e62923f612d821d18989e97ff6c777ce.ini
c:\programdata\14550590384833052901\f58fc3a7beebbd868989e97ff6c777ce.ini
c:\programdata\14550590384833052901\f70fcb9ed91b0ab18989e97ff6c777ce.ini
c:\users\Sonja\AppData\Local\nsk1212.tmp
c:\users\Sonja\AppData\Roaming\AnyProtectEx
c:\users\Sonja\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\Sonja\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\Sonja\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org\bootstrap.js
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org\chrome.manifest
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org\content\bg.js
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org\install.rdf
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net\bootstrap.js
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net\chrome.manifest
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net\content\bg.js
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net\install.rdf
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-02-05 bis 2015-03-05 ))))))))))))))))))))))))))))))
.
.
2015-03-04 18:43 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C34749D-79EB-4213-B6C4-D45938FEF126}\mpengine.dll
2015-03-04 11:09 . 2015-03-04 11:10 -------- d-----w- c:\users\TEMP
2015-03-04 11:03 . 2015-03-04 11:03 -------- d-----w- C:\TDSSKiller_Quarantine
2015-03-03 21:15 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-02 19:00 . 2015-03-02 19:00 -------- d-----w- c:\program files (x86)\7-Zip
2015-03-02 18:07 . 2015-03-03 22:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-02 07:50 . 2015-03-02 07:50 -------- d-----w- c:\users\Sonja\AppData\Local\ElevatedDiagnostics
2015-03-02 06:58 . 2015-03-02 07:05 -------- d-----w- C:\FRST
2015-02-22 07:22 . 2014-09-16 17:36 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E745D6A7-FB19-43D5-B7EE-CDA81C241544}\gapaengine.dll
2015-02-18 21:13 . 2015-02-06 01:05 318608 ----a-w- c:\windows\SysWow64\abengine.dll
2015-02-18 21:12 . 2015-02-06 01:05 363992 ----a-w- c:\windows\system32\abengine64.dll
2015-02-18 19:37 . 2015-02-27 08:22 -------- d-----w- c:\programdata\e49f0d02000023f9
2015-02-18 19:23 . 2015-02-18 19:23 -------- d-----w- c:\program files (x86)\DiGiSSaverr
2015-02-18 19:23 . 2015-02-18 19:23 -------- d-----w- c:\program files (x86)\SavveNewaAppz
2015-02-18 19:23 . 2015-02-18 19:23 -------- d-----w- c:\program files (x86)\Secure Downloader
2015-02-18 19:23 . 2015-02-18 19:23 -------- d-----w- c:\program files (x86)\FinduBesutDeaal
2015-02-18 19:23 . 2015-02-18 19:23 -------- d-----w- c:\programdata\kfdklpogcdiepbhfmgklkebjdcnhoojl
2015-02-18 18:41 . 2015-02-18 18:41 -------- d-----w- c:\windows\SysWow64\Flash
2015-02-18 18:41 . 2015-02-18 18:41 -------- d-----w- c:\program files (x86)\AnyProtectEx
2015-02-18 18:41 . 2015-02-18 18:41 -------- d-sh--w- c:\users\Sonja\AppData\Local\EmieUserList
2015-02-18 18:41 . 2015-02-18 18:41 -------- d-sh--w- c:\users\Sonja\AppData\Local\EmieSiteList
2015-02-18 18:41 . 2015-02-18 18:41 -------- d-sh--w- c:\users\Sonja\AppData\Local\EmieBrowserModeList
2015-02-18 18:38 . 2015-02-18 20:32 -------- d-----w- c:\users\Sonja\AppData\Local\SmartWeb
2015-02-18 18:33 . 2015-02-18 18:49 -------- d-----w- c:\programdata\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}
2015-02-18 18:31 . 2015-02-18 18:31 -------- d-----w- C:\shoplog
2015-02-18 18:25 . 2015-03-04 11:03 -------- d-----w- c:\users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4
2015-02-18 18:24 . 2015-02-18 18:24 -------- d-----w- c:\program files (x86)\predm
2015-02-18 18:10 . 2015-02-18 18:29 -------- d-----w- c:\programdata\{d075ee4c-e609-54bb-d075-5ee4ce60b933}
2015-02-18 18:01 . 2015-02-18 18:01 -------- d-----w- c:\program files (x86)\clean2PC
2015-02-18 18:01 . 2015-02-18 18:01 -------- d-----w- c:\program files (x86)\download Manager
2015-02-18 17:59 . 2015-02-18 20:32 -------- d-----w- c:\program files (x86)\globalUpdate
2015-02-18 17:59 . 2015-02-18 17:59 -------- d-----w- c:\users\Sonja\AppData\Local\globalUpdate
2015-02-18 17:56 . 2015-02-18 17:56 -------- d-----w- c:\program files (x86)\Chrome Notepad
2015-02-18 17:55 . 2015-02-18 18:29 -------- d-----w- c:\programdata\{b11f671d-3060-98e6-b11f-f671d3069c74}
2015-02-18 17:55 . 2015-02-18 17:55 -------- d-----w- c:\program files (x86)\UniDeealusi
2015-02-18 17:54 . 2015-02-18 17:54 -------- d-----w- c:\programdata\{2048d42c-81cc-fdba-2048-8d42c81c50b2}
2015-02-18 17:22 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-18 17:22 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-18 17:22 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-18 17:22 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-12 18:32 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 18:32 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-12 18:32 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 18:32 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-11 18:42 . 2015-01-12 02:56 49664 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-02-11 18:41 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 18:40 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 18:40 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 18:40 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 18:40 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 18:40 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 18:40 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 18:40 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 18:40 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 18:40 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 18:40 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 18:40 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 18:40 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 18:40 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-03 21:17 . 2014-09-03 21:17 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 21:17 . 2014-09-03 21:16 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-11 19:12 . 2012-07-03 17:37 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 17:35 . 2014-11-27 17:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 17:35 . 2014-11-27 17:45 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-19 03:06 . 2015-01-14 19:37 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 19:37 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 19:37 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 19:37 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 19:37 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 19:37 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detection"="c:\program files (x86)\Lidl_Fotos\dd.exe" [2014-11-26 860528]
"HP Photosmart 5520 series (NET)"="c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Amazon Music"="c:\users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-02-14 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Die Prinzen Millionar.mp3.lnk - c:\programdata\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen Millionar.mp3.exe --startup=1 [2015-2-18 1057280]
die prinzen kssen verboten.lnk - c:\programdata\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe --startup=1 [2015-2-18 1050624]
Dropbox.lnk - c:\users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
OptimizerProInstaller.lnk - c:\programdata\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe /startup [2014-2-18 6351352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-11-4 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys;c:\windows\SYSNATIVE\drivers\acedrv06.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 e47f97f2;SystemPower;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27 17:35]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 19:43]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 19:43]
.
2015-03-05 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2014-12-05 14:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
uInternet Settings,ProxyOverride = <-loopback>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.look-for-it.info/?pid=21773&r=2015/02/18&hid=9910709190815872974&lg=EN&cc=DE&unqvl=82&l=1&q=
FF - prefs.js: browser.search.selectedEngine - mystartsearch
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
Wow6432Node-HKLM-Run-Download Protect - c:\programdata\dlprotect.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-09611313.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Amazon MP3-Downloader - c:\program files (x86)\Amazon\MP3 Downloader\Uninstall.exe
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
AddRemove-{11F6D5AB-263F-388E-74DE-E3DECD390E3F} - c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
c:\programdata\NVIDIA\Updatus\Packages\000015f0\updatus.17446539_RUNASUSER.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-05 14:36:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-03-05 13:36
.
Vor Suchlauf: 14 Verzeichnis(se), 49.681.018.880 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 49.900.720.128 Bytes frei
.
- - End Of File - - 5F6E1BC728554B8D1B7B89CB5C6A8544
|
|
05.03.2015, 21:09
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7, Adware eingefangen (Digisaver etc.) Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.03.2015, 22:19
| #13 |
| | Windows 7, Adware eingefangen (Digisaver etc.) Guten Abend schrauber, hier schon einmal das mbam-log, hat eine Weile gedauert... Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.03.2015 Suchlauf-Zeit: 21:23:35 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.06.06 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Sonja Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 420061 Verstrichene Zeit: 44 Min, 4 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 2 PUP.Optional.MultiPlug, C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen Millionar.mp3.exe, 2880, Löschen bei Neustart, [654472b098f2d561d4b6aa7ecb37d42c] PUP.Optional.MultiPlug, C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe, 2952, Löschen bei Neustart, [4f5aa1816c1e1224563488a0a85acb35] Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 5 PUP.Optional.UninstallBHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}, In Quarantäne, [baef35ed612977bf29a0ec3f3cc6d030], PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [e2c754ce98f2a78ff75eeeb41ce70bf5], PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [4a5fcd55206aa39367ee5f4342c16c94], PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [4663f42e9bef77bfa5b0fca644bf51af], PUP.Optional.Shopperz.A, HKU\S-1-5-21-608024502-4260226369-3383888787-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [614864becdbd1f17d184edb518ebf30d], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 5 PUP.Optional.MultiPlug, C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen Millionar.mp3.exe, Löschen bei Neustart, [654472b098f2d561d4b6aa7ecb37d42c], PUP.Optional.MultiPlug, C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe, Löschen bei Neustart, [4f5aa1816c1e1224563488a0a85acb35], PUP.Optional.MultiPlug, C:\ProgramData\{2048d42c-81cc-fdba-2048-8d42c81c50b2}\Die Prinzen Millionar.mp3.exe, In Quarantäne, [8425c65c305ac0766d1d63c542c003fd], PUP.Optional.UninstallBHO, C:\Program Files (x86)\Chrome Notepad\Chrome Notepad.exe, In Quarantäne, [baef35ed612977bf29a0ec3f3cc6d030], PUP.Optional.UninstallBHO, C:\Program Files (x86)\UniDeealusi\UniDeealusi.exe, In Quarantäne, [b6f3ed354c3e3df9a2277caf0df5926e], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 06/03/2015 um 22:28:10
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Sonja - PC
# Gestarted von : C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\kfdklpogcdiepbhfmgklkebjdcnhoojl
Ordner Gelöscht : C:\ProgramData\e49f0d02000023f9
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\download Manager
Ordner Gelöscht : C:\Program Files (x86)\DiGiSSaverr
Ordner Gelöscht : C:\Program Files (x86)\FinduBesutDeaal
Ordner Gelöscht : C:\Program Files (x86)\SavveNewaAppz
Ordner Gelöscht : C:\Program Files (x86)\UniDeealusi
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\SmartWeb
Ordner Gelöscht : C:\Users\Sonja\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Sonja\Documents\Optimizer Pro
Datei Gelöscht : C:\Windows\SysWOW64\abengine.dll
Datei Gelöscht : C:\Windows\System32\abengine64.dll
Datei Gelöscht : C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk
***** [ Geplante Tasks ] *****
Task Gelöscht : ProgramUpdateCheck
Task Gelöscht : zufap3002
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataContainer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataContainer.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTable
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTable.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3317892
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36622CCB-325B-421B-BB6C-17C608131E27}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D1B3EBCF-ABF1-4CB2-B438-75B5E741640D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\FileTypeAssistant
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TheBestDeals
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\TabNav
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchgol.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v35.0.1 (x86 de)
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=21773&r=2015/02/18&hid=9910709190815872974&lg=EN&cc=DE&unqvl=82&l=1&q=");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "WebSearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/web/favicon.ico");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=dspp&ts=1424282597&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&q={searchTerms}");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.3qknB38nuo6Ezcfw.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1url.indexOf(\"acebook\")>-1[...]
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.rdbL0mb8uu1MI7HP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1url.indexOf(\"acebook\")>-1[...]
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.zDwPDobU34VPVwfW.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1url.indexOf(\"acebook\")>-1[...]
-\\ Google Chrome v
[C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kfdklpogcdiepbhfmgklkebjdcnhoojl
*************************
AdwCleaner[R0].txt - [30885 Bytes] - [08/11/2013 21:14:56]
AdwCleaner[R1].txt - [15937 Bytes] - [06/03/2015 22:25:08]
AdwCleaner[S0].txt - [30143 Bytes] - [08/11/2013 21:16:00]
AdwCleaner[S1].txt - [14220 Bytes] - [06/03/2015 22:28:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14280 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Sonja on 06.03.2015 at 22:39:13,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Sonja\AppData\Roaming\mozilla\firefox\profiles\rajhh0q2.default-1409765728724\prefs.js
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "fun");
user_pref("browser.search.searchengine.uid", "WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR");
user_pref("extensions.3qknB38nuo6Ezcfw.url", "hxxp://solutionprojob.info/sync2/?q=hfZ9ofV9CShEAen0rTw6qHrMg708BNmGWj8wmihGheDUojw8rdsFpdw6qjk8pchIC7n0rjkErTw5rjYErHw6tNhVCT94t
user_pref("extensions.KjV8foO3AAfc11T9.scode", "(function(){try{if(window.self.location.href.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1){return;}}catch(e){}try{var d=[[\"acebo
user_pref("extensions.mYp6UsOYZ4a6Vs7j.scode", "(function(){try{if(window.self.location.href.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1){return;}}catch(e){}try{var d=[[\"acebo
Emptied folder: C:\Users\Sonja\AppData\Roaming\mozilla\firefox\profiles\rajhh0q2.default-1409765728724\minidumps [27 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2015 at 22:42:02,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Sonja (administrator) on PC on 06-03-2015 22:45:13
Running from C:\Users\Sonja\Desktop
Loaded Profiles: UpdatusUser & Sonja (Available profiles: UpdatusUser & Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lidl_Fotos\dd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-608024502-4260226369-3383888787-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Device Detection] => C:\Program Files (x86)\Lidl_Fotos\dd.exe [860528 2014-11-26] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Amazon Music] => C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Die Prinzen Millionar.mp3.lnk
ShortcutTarget: Die Prinzen Millionar.mp3.lnk -> C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen Millionar.mp3.exe (No File)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\die prinzen kssen verboten.lnk
ShortcutTarget: die prinzen kssen verboten.lnk -> C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe (No File)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=www.google.com&OSP=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-608024502-4260226369-3383888787-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-maps.xml
FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Secure Downloader) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol [2015-02-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 e47f97f2; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemPower\SystemPower.dll",serv
S2 HPSLPSVC; C:\Users\Sonja\AppData\Local\Temp\7zS1AA1\hpslpsvc64.dll [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2012-10-09] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-06 22:42 - 2015-03-06 22:42 - 00001679 _____ () C:\Users\Sonja\Desktop\JRT.txt
2015-03-06 22:38 - 2015-03-06 22:38 - 01388333 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe
2015-03-06 22:20 - 2015-03-06 22:21 - 02126848 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
2015-03-06 22:17 - 2015-03-06 22:17 - 00003163 _____ () C:\Users\Sonja\Desktop\mbam.txt
2015-03-05 14:36 - 2015-03-05 14:36 - 00026706 _____ () C:\ComboFix.txt
2015-03-05 14:36 - 2015-03-05 14:36 - 00000000 ____D () C:\Users\TEMP
2015-03-05 14:16 - 2015-03-05 14:36 - 00000000 ____D () C:\Qoobox
2015-03-05 14:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-05 14:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-05 14:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-05 14:15 - 2015-03-05 14:34 - 00000000 ____D () C:\Windows\erdnt
2015-03-05 14:13 - 2015-03-05 14:13 - 05612482 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe
2015-03-04 12:03 - 2015-03-04 12:03 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-03 22:21 - 2015-03-03 22:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sonja\Desktop\tdsskiller.exe
2015-03-02 20:00 - 2015-03-02 20:00 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-03-02 19:59 - 2015-03-02 19:59 - 01182149 _____ () C:\Users\Sonja\Downloads\7z936.exe
2015-03-02 19:07 - 2015-03-03 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-02 19:03 - 2015-03-03 23:07 - 00000000 ____D () C:\Users\Sonja\Desktop\mbar
2015-03-02 18:08 - 2015-03-02 18:09 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sonja\Desktop\mbar-1.09.1.1004.exe
2015-03-02 08:49 - 2015-03-02 08:49 - 00014138 _____ () C:\Users\Sonja\Desktop\GMER.log
2015-03-02 08:01 - 2015-03-02 08:05 - 00036665 _____ () C:\Users\Sonja\Desktop\Addition.txt
2015-03-02 07:59 - 2015-03-06 22:45 - 00018984 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-03-02 07:58 - 2015-03-06 22:45 - 00000000 ____D () C:\FRST
2015-03-02 07:54 - 2015-03-02 07:55 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log
2015-03-02 07:54 - 2015-03-02 07:54 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2015-03-02 07:49 - 2015-03-02 07:49 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe
2015-03-02 07:46 - 2015-03-02 07:46 - 02092544 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe
2015-03-02 07:39 - 2015-03-02 07:39 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe
2015-02-25 21:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 08:01 - 2015-02-20 08:01 - 00840312 _____ (App Web ) C:\Users\Sonja\Downloads\adobe_flash_setup.exe
2015-02-18 20:38 - 2015-02-18 20:38 - 00000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\Secure Downloader
2015-02-18 20:06 - 2015-02-18 20:06 - 00003140 _____ () C:\Windows\System32\Tasks\{8F3DEAAE-1ECC-4362-B02C-A4F771F9C2C7}
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieUserList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieSiteList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieBrowserModeList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-02-18 19:33 - 2015-02-18 19:49 - 00000000 ____D () C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}
2015-02-18 19:31 - 2015-02-18 19:31 - 00000000 ____D () C:\shoplog
2015-02-18 19:25 - 2015-03-04 12:03 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4
2015-02-18 19:10 - 2015-03-06 22:08 - 00000000 ____D () C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\Program Files (x86)\clean2PC
2015-02-18 18:56 - 2015-03-06 22:07 - 00000000 ____D () C:\Program Files (x86)\Chrome Notepad
2015-02-18 18:55 - 2015-03-06 22:08 - 00000000 ____D () C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}
2015-02-18 18:54 - 2015-03-06 22:07 - 00000000 ____D () C:\ProgramData\{2048d42c-81cc-fdba-2048-8d42c81c50b2}
2015-02-18 18:22 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-18 18:22 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 19:32 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 19:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:43 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 19:42 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:42 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 19:42 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 19:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 19:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 19:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:42 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 19:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 19:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 19:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 19:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:42 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:41 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:41 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:41 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:41 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:41 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:41 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:41 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:41 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:41 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:41 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:41 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:41 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:41 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:41 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:41 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:40 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:40 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:40 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:40 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-06 22:40 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:40 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:35 - 2014-11-27 18:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 22:35 - 2014-09-10 20:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 22:35 - 2013-03-10 08:25 - 00000000 ___RD () C:\Users\Sonja\Dropbox
2015-03-06 22:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Dropbox
2015-03-06 22:31 - 2014-09-10 20:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-06 22:30 - 2010-11-21 04:47 - 00457328 _____ () C:\Windows\PFRO.log
2015-03-06 22:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 22:30 - 2009-07-14 05:51 - 00139913 _____ () C:\Windows\setupact.log
2015-03-06 22:28 - 2013-11-08 21:14 - 00000000 ____D () C:\AdwCleaner
2015-03-06 22:28 - 2012-01-12 03:20 - 02052727 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 22:14 - 2014-09-03 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 22:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-06 21:29 - 2013-11-30 08:49 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-03-05 14:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-05 14:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-03 22:17 - 2014-09-03 22:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 08:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 07:54 - 2012-06-20 20:21 - 00000000 ____D () C:\Users\Sonja
2015-03-01 09:41 - 2013-02-01 09:32 - 00000000 ____D () C:\NotenBox 7
2015-02-26 18:40 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-20 18:36 - 2012-01-12 12:12 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2015-02-20 18:36 - 2012-01-12 12:12 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2015-02-20 18:36 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-19 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2015-02-18 22:10 - 2011-10-14 04:42 - 00000000 ____D () C:\Windows\ca
2015-02-18 20:11 - 2012-06-20 20:39 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:39 - 00001039 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:24 - 00001425 _____ () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-18 19:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-18 19:38 - 2012-10-15 08:21 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Adobe
2015-02-18 19:11 - 2012-07-10 19:37 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc
2015-02-15 20:32 - 2012-10-09 10:50 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Skype
2015-02-13 19:33 - 2013-03-10 08:25 - 00001015 _____ () C:\Users\Sonja\Desktop\Dropbox.lnk
2015-02-13 19:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 21:25 - 2009-07-14 05:45 - 00312256 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:19 - 2013-11-23 21:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 20:18 - 2013-11-23 21:17 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 20:18 - 2013-08-14 08:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:12 - 2012-07-03 18:37 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-06 18:30 - 2014-09-10 20:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 18:30 - 2014-09-10 20:43 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 18:35 - 2014-11-27 18:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:35 - 2014-11-27 18:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 18:35 - 2014-11-27 18:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Sonja\AppData\Roaming\IVFLS
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Sonja\AppData\Roaming\SX
2015-02-18 20:38 - 2015-02-18 20:38 - 0000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2013-04-02 09:54 - 2013-04-02 09:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-12 03:47 - 2012-01-12 03:49 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-08-03 21:19 - 2012-08-03 21:20 - 0000317 _____ () C:\ProgramData\hpzinstall.log
2014-06-09 18:47 - 2014-06-09 18:50 - 0000032 _____ () C:\ProgramData\PS.log
Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2fvvcr.dll
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-11 16:28
==================== End Of Log ============================
Vielen Dank und einen schönen Abend noch Geändert von Fanou (06.03.2015 um 22:47 Uhr) Grund: Beitragsverdichtung |
|
07.03.2015, 13:15
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7, Adware eingefangen (Digisaver etc.)ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.03.2015, 19:37
| #15 |
| | Windows 7, Adware eingefangen (Digisaver etc.) Guten Abend schrauber, ESET läuft (und läuft und läuft...) und hat inzwischen mehr als 100 Funde. Beim Starten hatte ESET gemeckert, weil noch eine andere Sicherheitssoftware aktiv wäre (MS Security Essentials). Ich hatte den Echtzeitschutz ausgestellt, aber komplett abschalten ließ es sich nicht. Ist das wichtig? Wenn ESET irgendwann mal fertig wird, poste ich das log  Viele Grüße Fanou EDIT: ESET ist fertig, hier das log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e00471f1b600334097eb2bdd5f0a3b67
# engine=22800
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-07 06:44:49
# local_time=2015-03-07 07:44:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2075172 67060005 0 0
# scanned=241127
# found=124
# cleaned=0
# scan_time=16299
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=AB28B1A4103224E83854DEB11EBD402DAD5529AA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\41856.crx.vir"
sh=D2BFE1ABAE9D13BECCD876213422AE4158691D9F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\41856.xpi.vir"
sh=BF11F09E96B9137F299E8996F4A02190D6AD350A ft=1 fh=97d439143ab78456 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bg.exe.vir"
sh=DDC1FF519447F0ED62E2C0F02386DC434926F372 ft=1 fh=c71c00113eef2777 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho.dll.vir"
sh=C7C39A73408243BCB6EE0CC76DE347DD19113DA4 ft=1 fh=3966826d47bc5a39 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho64.dll.vir"
sh=60DF1C494356DD54DF33EED5F90FE6142C017162 ft=1 fh=c71c00113f60402f vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-buttonutil.dll.vir"
sh=867C038DF529DA89AD89C615432914B7C904761D ft=1 fh=9ced8610c5ecb309 vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-buttonutil.exe.vir"
sh=561919C6621EE0ED548EEB4EF263786DF009F317 ft=1 fh=f3fd0242b69965f6 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-buttonutil64.dll.vir"
sh=27851B0A3A1CB5CAC2E502732C7ACB543B69079C ft=1 fh=9ced8610cd6bcbc4 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-buttonutil64.exe.vir"
sh=203CE2C0CF5375C48543730A5CDAC953DF0C4DCA ft=1 fh=94eaaf8006a6b0cd vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-chromeinstaller.exe.vir"
sh=88B602B1C7FA2020EAFEE73BB0432ADEAE7793D4 ft=1 fh=be9ae14d90318296 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-codedownloader.exe.vir"
sh=F882CB3BFC65FCFC73AA38CCE0FB1F603BC180D1 ft=1 fh=74b78bb7a13dbe46 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-firefoxinstaller.exe.vir"
sh=62CCFE3D5F601EF61C679386011046977EE1C4BF ft=1 fh=6bca5420fd8064b1 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-updater.exe.vir"
sh=71E2F9D64D3FF023BD84948A4A415796F6DF3657 ft=1 fh=4374af28a4922a52 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\utils.exe.vir"
sh=4AF99E43A299B48AB0C9F449A3EECEB34CAD6251 ft=1 fh=c373ebba2dd6fb96 vn="Win32/Toolbar.Besttoolbars.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpecialSavings\AddonsFramework.dll.vir"
sh=5C490584673C131FAEA473748D12B1E019807726 ft=1 fh=d002bc3e2c1073db vn="Variante von Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpecialSavings\ScriptHost.dll.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3317892\UninstallerUI.exe.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=F8935573391555518C560A87DA9D48A7AFB964A9 ft=1 fh=d5f378fbab67b337 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\DownloadGuide\Offers\vis-freeware.exe.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=7E797140BE2D76B80EC180071B039E1DA561191D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=62892F2CBAFB6FD3DFDAD794F871133E0CF4FCA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\92_superfish_m.js.vir"
sh=DEF8CB14886F5A427CEB5E70D8C1D395AC135F4A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=2B371F487F7913191E68EE2E12534E82AFDD3CB0 ft=1 fh=cc1a05615fab866c vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Temp\Desk365\eInstall\eInstall.exe.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\102_dealply_m.js.vir"
sh=2301B99B2F03CE326D6A6BDC1CF9FF1E3B72E126 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\107_coupish_m.js.vir"
sh=76383B8DE33E6BBFB98D545DEA12B018A0A8F2C8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\108_icm_m.js.vir"
sh=A18766D6D6FF6B3985879B311F9984C744BBA15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=431FFC8C5F0160D893723BFF0CCE55742716AE3D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=B1FD213981E274BCEE2697A82C7E87CA7418C39B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=2536CE239CC1E9DCCB8931BC82F1CF8520F55686 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=C88DBAE0721E7739E511F90647A5238D389729A4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=399782A2AB704FCF977DD8C511424301382F4659 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=E6BDC1907B7FE7C78DC0F1AF9FF678F5EB4D8E73 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=062C50599A7B0E47E52FCE5016D5EC6EE2AD3A1C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=233496F4C4D033E8878BD480C97EB279E62B33F2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=1B82157104A9F645095DF7AE7B5CF872400DF531 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=F4ED2E70B2B8D0F1C4EA381BC928D4DD0438F0F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=FA5368990D934C99A38DEF34151ED59F4D95C64F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\92_superfish_m.js.vir"
sh=BFD0F29067CAE71544784708FE5554D6518AD6AD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=EB3CE62B7E6499FC3F1435C5CBB7404813CD4981 ft=1 fh=52891f697437586e vn="Variante von Win32/Adware.SpeedingUpMyPC.AA Anwendung" ac=I fn="C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe"
sh=0357621AC83DF191CD56CBD9EDD510F83884A743 ft=1 fh=6615ee6d091e66c2 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.x64.dll.vir"
sh=3E654E75E78E41B04D7D8514611AF6FBD83400C7 ft=1 fh=6615ee6dbe9d5a4b vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealuExpress\lKKpUnz2d5pRII.x64.dll.vir"
sh=4F8894A6924E7AF63153D82B71F3AF33A04F0637 ft=1 fh=c71c0011f582e792 vn="Variante von Win32/BHOUninstaller.AB evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\UNiDeals i\ywtoaxppRj1uoW.exe.vir"
sh=2BE782216EFC920ED6DD18F282F5D738DD5DA26A ft=1 fh=6615ee6dabd9942a vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\UNiDeals i\ywtoaxppRj1uoW.x64.dll.vir"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Sonja\AppData\Local\nsk1212.tmp.vir"
sh=BA38199B25F5F1ED0B1A356ED2CB07F3006BD7B6 ft=1 fh=d4f71008b2fd795e vn="Variante von Win32/Adware.ICLoader.JA Anwendung" ac=I fn="C:\TDSSKiller_Quarantine\04.03.2015_09.29.56\susp0000\svc0000\tsk0000.dta"
sh=85B0A18DBF5D07B10A356D2EB5BA34DD21A06398 ft=1 fh=c9813bd9794daa8d vn="Variante von Win32/Adware.AdService.AL Anwendung" ac=I fn="C:\TDSSKiller_Quarantine\04.03.2015_09.29.56\uds0000\svc0000\tsk0000.dta"
sh=EB3CE62B7E6499FC3F1435C5CBB7404813CD4981 ft=1 fh=52891f697437586e vn="Variante von Win32/Adware.SpeedingUpMyPC.AA Anwendung" ac=I fn="C:\Users\All Users\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe"
sh=4A22EDCDE458813A20BEB36EB2BABE856EDB182B ft=1 fh=e4a65a4c93580ecd vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30DI4YPV\SearchUpdater[1].exe"
sh=3705670AF8CD8741D870A62B421EC5696A97BEFC ft=1 fh=097437150c7024d4 vn="Variante von Win32/PriceGong.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30DI4YPV\SmartWebInstaller[1].exe"
sh=BA38199B25F5F1ED0B1A356ED2CB07F3006BD7B6 ft=1 fh=d4f71008b2fd795e vn="Variante von Win32/Adware.ICLoader.JA Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30DI4YPV\VOsrv[1].exe"
sh=AD274F5D2B12C1A564D13176C716579A8EA54237 ft=1 fh=a225194bb82f217f vn="Variante von Win32/Adware.AddLyrics.DN Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\BlockAndSurf_2222-5510[1].exe"
sh=7BC10D75A0FE5BC368FB0C209221332F83688C14 ft=1 fh=5aa924e8dfac4f5b vn="Win32/VOPackage.BT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\check[1].exe"
sh=CA3DC635CDEF2C285898DE94134C574D9B8EB80A ft=1 fh=4110cca1220a797d vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\Setup[1].exe"
sh=65781DB72ABE2B33F080EF81E32868ECFE609117 ft=1 fh=a2561662e1683314 vn="Win32/Packed.ScrambleWrapper.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\setup[1].exe_a"
sh=7009002EB02A1801DB6D1C9388FD09C76774A81E ft=1 fh=c71c0011d6caeb29 vn="Variante von Win32/Adware.ConvertAd.AH Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\Update_Notifier[1].exe"
sh=8440A220229C46807A4CCDF571107593E2733471 ft=1 fh=75eb7ae1e7a4bc56 vn="Win32/Adware.ConvertAd.BN Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKP3CR5Z\dl[1].htm"
sh=85B0A18DBF5D07B10A356D2EB5BA34DD21A06398 ft=1 fh=c9813bd9794daa8d vn="Variante von Win32/Adware.AdService.AL Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKP3CR5Z\JOSrv[1].exe"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\AnyProtectSetup[1].exe"
sh=B8E1737A46C7D04A983D8D1F018175BBA3A7E5E3 ft=1 fh=7ed2aa8da7f26d60 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\Setup[1].exe"
sh=B9E3C39C9B29839FAF2D5E55CD96B4B9CB60B548 ft=1 fh=8b279515fabfc722 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\setup_gmsd_de[1].exe"
sh=355B221F5F0DFFF4A1D7EF495B7569B4973E9DFA ft=1 fh=9911c846256dedc3 vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\SFSetup[1].exe"
sh=2DB714F4033CCE659E792E64A64E8092D98E07EB ft=1 fh=f37aa63c7dc75675 vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\VOPackage[1].exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Roaming\IVFLS"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Roaming\SX"
sh=453D3B26051E4D9E4B289C39650EE49B1278374B ft=1 fh=5cd7b9f2006f3aba vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\Uninstall.exe"
sh=2DB714F4033CCE659E792E64A64E8092D98E07EB ft=1 fh=f37aa63c7dc75675 vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\vnsqC177.tmp"
sh=324E23BD359A094D5C8EBE77CD43035E9993B0B5 ft=1 fh=c0656931bcca232d vn="Variante von Win32/InstallCore.WX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\adobe_flash_setup.exe"
sh=900396F2C3A06863A5B39BA0CC48031A0BC1C5B3 ft=1 fh=ffbd3625738b259d vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\aren117-20070111-Downloader.exe"
sh=46720407CF76A3A4EBDDAFDBBBFA943B1A8F1E9F ft=1 fh=06416bae119d1e72 vn="Variante von Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\computerbild_downloader_fuer_winzip.exe"
sh=64131EBCE68286BAAEFAC74F12628EBFC159B7CB ft=1 fh=252d3f247af8095f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\PDFCreator-1_6_1_setup.exe"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\PDFCreator-1_6_2_setup.exe"
sh=534999ED85CB0AE3C21385B37B538044EA2AB339 ft=1 fh=28e16a9d033375cd vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\PDFCreator-1_7_3_setup.exe"
sh=34F2C0844483FE1CF4B3C781A192BD3F164A364A ft=1 fh=ecc511e71376698b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\PDFCreator-1_9_1-setup-beta.exe"
sh=3224DA93D806263147B59DCC0AE4EF5186F48B6C ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\wz170-32gev.msi"
sh=203DC55D22F8B641565D92113AED0CEE84CD6636 ft=1 fh=a5c82d9e7cb612e7 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\zafwSetupWeb_102_057_000.exe"
sh=106331229BB0E6926354AA973913843E09C71E78 ft=1 fh=e5343e9e04c1f21e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\zafwSetupWeb_102_081_000.exe"
sh=238B76E136A032D4601301E567760EC10C814124 ft=1 fh=f14483085eb0dc09 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\zafwSetupWeb_110_000_038.exe"
sh=F5061F226B1F7E5B3F646131416BE24B86F9BE88 ft=1 fh=046a44521feb320b vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_PROGRA~2_File Type Assistant\tsassist.exe"
Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Sonja (administrator) on PC on 07-03-2015 19:59:55
Running from C:\Users\Sonja\Desktop
Loaded Profiles: UpdatusUser & Sonja (Available profiles: UpdatusUser & Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lidl_Fotos\dd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-608024502-4260226369-3383888787-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Device Detection] => C:\Program Files (x86)\Lidl_Fotos\dd.exe [860528 2014-11-26] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Amazon Music] => C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Die Prinzen Millionar.mp3.lnk
ShortcutTarget: Die Prinzen Millionar.mp3.lnk -> C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen Millionar.mp3.exe (No File)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\die prinzen kssen verboten.lnk
ShortcutTarget: die prinzen kssen verboten.lnk -> C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe (No File)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=www.google.com&OSP=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-608024502-4260226369-3383888787-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-images.xml [2014-09-27]
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-maps.xml [2014-09-27]
FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Secure Downloader) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol [2015-02-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 e47f97f2; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemPower\SystemPower.dll",serv
S2 HPSLPSVC; C:\Users\Sonja\AppData\Local\Temp\7zS1AA1\hpslpsvc64.dll [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2012-10-09] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 19:59 - 2015-03-07 19:59 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion
2015-03-07 19:57 - 2015-03-07 19:57 - 00852604 _____ () C:\Users\Sonja\Downloads\SecurityCheck.exe
2015-03-07 19:55 - 2015-03-07 19:55 - 00852604 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe
2015-03-07 15:10 - 2015-03-07 15:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-07 15:09 - 2015-03-07 15:09 - 02347384 _____ (ESET) C:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe
2015-03-06 22:42 - 2015-03-06 22:42 - 00001679 _____ () C:\Users\Sonja\Desktop\JRT.txt
2015-03-06 22:38 - 2015-03-06 22:38 - 01388333 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe
2015-03-06 22:20 - 2015-03-06 22:21 - 02126848 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
2015-03-06 22:17 - 2015-03-06 22:17 - 00003163 _____ () C:\Users\Sonja\Desktop\mbam.txt
2015-03-05 14:36 - 2015-03-05 14:36 - 00026706 _____ () C:\ComboFix.txt
2015-03-05 14:36 - 2015-03-05 14:36 - 00000000 ____D () C:\Users\TEMP
2015-03-05 14:16 - 2015-03-05 14:36 - 00000000 ____D () C:\Qoobox
2015-03-05 14:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-05 14:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-05 14:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-05 14:15 - 2015-03-05 14:34 - 00000000 ____D () C:\Windows\erdnt
2015-03-05 14:13 - 2015-03-05 14:13 - 05612482 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe
2015-03-04 12:03 - 2015-03-04 12:03 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-03 22:21 - 2015-03-03 22:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sonja\Desktop\tdsskiller.exe
2015-03-02 20:00 - 2015-03-02 20:00 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-03-02 19:59 - 2015-03-02 19:59 - 01182149 _____ () C:\Users\Sonja\Downloads\7z936.exe
2015-03-02 19:07 - 2015-03-03 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-02 19:03 - 2015-03-03 23:07 - 00000000 ____D () C:\Users\Sonja\Desktop\mbar
2015-03-02 18:08 - 2015-03-02 18:09 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sonja\Desktop\mbar-1.09.1.1004.exe
2015-03-02 08:49 - 2015-03-02 08:49 - 00014138 _____ () C:\Users\Sonja\Desktop\GMER.log
2015-03-02 08:01 - 2015-03-02 08:05 - 00036665 _____ () C:\Users\Sonja\Desktop\Addition.txt
2015-03-02 07:59 - 2015-03-07 19:59 - 00019579 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-03-02 07:58 - 2015-03-07 20:00 - 00000000 ____D () C:\FRST
2015-03-02 07:54 - 2015-03-02 07:55 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log
2015-03-02 07:54 - 2015-03-02 07:54 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2015-03-02 07:49 - 2015-03-02 07:49 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe
2015-03-02 07:46 - 2015-03-07 19:59 - 02094592 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe
2015-03-02 07:39 - 2015-03-02 07:39 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe
2015-02-25 21:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 08:01 - 2015-02-20 08:01 - 00840312 _____ (App Web ) C:\Users\Sonja\Downloads\adobe_flash_setup.exe
2015-02-18 20:38 - 2015-02-18 20:38 - 00000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\Secure Downloader
2015-02-18 20:06 - 2015-02-18 20:06 - 00003140 _____ () C:\Windows\System32\Tasks\{8F3DEAAE-1ECC-4362-B02C-A4F771F9C2C7}
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieUserList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieSiteList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieBrowserModeList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-02-18 19:33 - 2015-02-18 19:49 - 00000000 ____D () C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}
2015-02-18 19:31 - 2015-02-18 19:31 - 00000000 ____D () C:\shoplog
2015-02-18 19:25 - 2015-03-04 12:03 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4
2015-02-18 19:10 - 2015-03-06 22:08 - 00000000 ____D () C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\Program Files (x86)\clean2PC
2015-02-18 18:56 - 2015-03-06 22:07 - 00000000 ____D () C:\Program Files (x86)\Chrome Notepad
2015-02-18 18:55 - 2015-03-06 22:08 - 00000000 ____D () C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}
2015-02-18 18:54 - 2015-03-06 22:07 - 00000000 ____D () C:\ProgramData\{2048d42c-81cc-fdba-2048-8d42c81c50b2}
2015-02-18 18:22 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-18 18:22 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 19:32 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 19:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:43 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 19:42 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:42 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 19:42 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 19:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 19:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 19:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:42 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 19:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 19:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 19:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 19:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:42 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:41 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:41 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:41 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:41 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:41 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:41 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:41 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:41 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:41 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:41 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:41 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:41 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:41 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:41 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:41 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:40 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:40 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:40 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:40 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 19:59 - 2012-01-12 03:20 - 01102562 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 19:35 - 2014-11-27 18:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 19:35 - 2014-09-10 20:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 19:31 - 2013-11-30 08:49 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-03-07 18:35 - 2014-09-10 20:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 11:25 - 2015-01-26 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 22:40 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:40 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:35 - 2013-03-10 08:25 - 00000000 ___RD () C:\Users\Sonja\Dropbox
2015-03-06 22:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Dropbox
2015-03-06 22:30 - 2010-11-21 04:47 - 00457328 _____ () C:\Windows\PFRO.log
2015-03-06 22:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 22:30 - 2009-07-14 05:51 - 00139913 _____ () C:\Windows\setupact.log
2015-03-06 22:28 - 2013-11-08 21:14 - 00000000 ____D () C:\AdwCleaner
2015-03-06 22:14 - 2014-09-03 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 22:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-05 14:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-05 14:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-03 22:17 - 2014-09-03 22:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 08:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 07:54 - 2012-06-20 20:21 - 00000000 ____D () C:\Users\Sonja
2015-03-01 09:41 - 2013-02-01 09:32 - 00000000 ____D () C:\NotenBox 7
2015-02-26 18:40 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-20 18:36 - 2012-01-12 12:12 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2015-02-20 18:36 - 2012-01-12 12:12 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2015-02-20 18:36 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-19 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2015-02-18 22:10 - 2011-10-14 04:42 - 00000000 ____D () C:\Windows\ca
2015-02-18 20:11 - 2012-06-20 20:39 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:39 - 00001039 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:24 - 00001425 _____ () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-18 19:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-18 19:38 - 2012-10-15 08:21 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Adobe
2015-02-18 19:11 - 2012-07-10 19:37 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc
2015-02-15 20:32 - 2012-10-09 10:50 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Skype
2015-02-13 19:33 - 2013-03-10 08:25 - 00001015 _____ () C:\Users\Sonja\Desktop\Dropbox.lnk
2015-02-13 19:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 21:25 - 2009-07-14 05:45 - 00312256 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:19 - 2013-11-23 21:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 20:18 - 2013-11-23 21:17 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 20:18 - 2013-08-14 08:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:12 - 2012-07-03 18:37 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-06 18:30 - 2014-09-10 20:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 18:30 - 2014-09-10 20:43 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 18:35 - 2014-11-27 18:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:35 - 2014-11-27 18:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 18:35 - 2014-11-27 18:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Sonja\AppData\Roaming\IVFLS
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Sonja\AppData\Roaming\SX
2015-02-18 20:38 - 2015-02-18 20:38 - 0000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2013-04-02 09:54 - 2013-04-02 09:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-12 03:47 - 2012-01-12 03:49 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-08-03 21:19 - 2012-08-03 21:20 - 0000317 _____ () C:\ProgramData\hpzinstall.log
2014-06-09 18:47 - 2014-06-09 18:50 - 0000032 _____ () C:\ProgramData\PS.log
Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2fvvcr.dll
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-11 16:28
==================== End Of Log ============================
Vielen Dank schonmal. Geändert von Fanou (07.03.2015 um 20:01 Uhr) Grund: Beitragsverdichtung |
|
| Themen zu Windows 7, Adware eingefangen (Digisaver etc.) |
| adobe, adware, browser, cpu, defender, device driver, failed, firefox, flash player, home, homepage, iexplore.exe, install.exe, installmanager.exe, launch, mozilla, msiexec.exe, prozesse, realtek, registry, rundll, security, services.exe, siteadvisor, software, svchost.exe, symantec, system, taskmanager, teredo, windows |
angerousObject.Multi.Generic ) - skipped by user
Linear-Darstellung
