Log analysis and evaluation: Windows 7 - Possible hijacking / Trojan infection after careless download |
10.04.2015, 16:46 | #1 |
| Windows 7 - Possible hijacking / Trojan infection after careless download

Hello everyone,

Since I'm at my wits' end and want to be on the safe side before a possible reinstallation, I would be very grateful for help.

Situation: About 4 weeks ago I carelessly downloaded a video torrent of something I actually own on DVD but could no longer find. My daughter just absolutely wanted to watch it. Sounds stupid, is stupid! In any case, I already had a bad feeling while unpacking the RAR container. After unpacking, my desktop started doing strange things: the right and left mouse buttons were suddenly swapped, reactions were sometimes delayed or the system was unresponsive, windows and programs could no longer be opened, and help windows opened unexpectedly and came straight back when closed manually, so that no further use was possible. Disconnecting from the Internet helped; all symptoms disappeared immediately and the OS worked normally again.

This strange behaviour has been occurring ever since, but seemingly unspecifically, only now and then, and it stops immediately when the machine is disconnected from the Internet. Today a yellow/golden elongated oval ring with "EGA pixels" suddenly appeared in place of the mouse pointer (it looked like an unknown loading indicator??!) and the system went into a freeze that could only be resolved by a hard reset.

Since, after this experience, which I found very disconcerting, I now want to set up my system from scratch, I first have to clarify how far a possible infection has progressed. So far I have run the following, without any findings: Malwarebytes, Super-Anti-Spyware, Combo-Fix, Linux live desinfect (Avira, Bitdefender, Kaspersky). However, that was already about two weeks ago; unfortunately the logs were not saved, as there were no findings.

Additional info: (About 6 weeks ago, after a complete hardware upgrade of my workstation, I upgraded my Win7 Premium to Win7 Professional. However, the strange behaviour began directly after unpacking the downloaded RAR archive.)

I would like to know whether my computer is infected (keylogger, backdoor Trojan, etc.). If so, it seems to be something special, not normal malware. Since I also have a data partition attached, I would like to know how, as far as the reinstallation is concerned, I can protect myself against a reinfection. The whole story seems very suspicious to me, and in my many years of PC experience I have never seen behaviour like this. Another possibility would be that the errors stem from problems with the OS, but the fact that the symptoms disappear when the Internet connection is cut seems very strange to me in that respect. In any case, I would be very happy if someone here could help me.

Best regards and thanks in advance,
Karl |
10.04.2015, 17:55 | #2 |
/// the machine /// TB Trainer | Windows 7 - Possible hijacking / Trojan infection after careless download

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
10.04.2015, 18:48 | #3 |
| Windows 7 - Possible hijacking / Trojan infection after careless download

Hello schrauber,

Thanks for your quick reply. Sorry, I understood from the instructions that the attachments should be uploaded as a ZIP. Here are the logs again as text files.

FRST.txt

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by admin (administrator) on CROCUZ-PC on 10-04-2015 17:02:24 Running from C:\Users\crocuz\Downloads Loaded Profiles: crocuz & admin (Available profiles: crocuz & admin & Administrator) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\vds.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (Dropbox, Inc.) 
C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Mozilla Messaging) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe () C:\Users\crocuz\Downloads\Defogger.exe (Farbar) C:\Users\crocuz\Downloads\FRST64(2).exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation) HKLM-x32\...\RunOnce: [{A49E89D9-C9B0-4C41-A0A2-D2336DBEE689}] => cmd.exe /C start /D "C:\Users\admin\AppData\Local\Temp" /B {A49E89D9-C9B0-4C41-A0A2-D2336DBEE689}.exe -accepteula -accepteulaksn -activeimages -postboot HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia) HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Run: [dualmonitor] => [X] HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google) HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\MountPoints2: {f9c13ab5-647d-11e2-a49a-806e6f6e6963} - F:\Astart.exe HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation) HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30520936 2014-11-18] (Skype Technologies S.A.) 
HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [1646 2015-03-04] () Startup: C:\Users\crocuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gb8hs0xx.default FF Homepage: about:home|hxxp://www.giga.de/androidnews/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-11] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-11] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files 
(x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( ) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06] FF HKLM-x32\...\Firefox\Extensions: [send.to.picturerelate@walthelm.net] - C:\Program Files (x86)\PictureRelate\SendToPictureRelate FF Extension: SendToPictureRelate - C:\Program Files (x86)\PictureRelate\SendToPictureRelate [2014-12-21] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-12-22] Chrome: ======= CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22] CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22] CHR 
Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22] CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22] CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22] CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-22] CHR Extension: (Google Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03] CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22] CHR Extension: (Citavi Picker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2015-03-22] CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - https://clients2.google.com/service/update2/crx 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-31] (Intel Corporation) S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\InstallerService.exe [125288 2013-09-20] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-10] (Disc Soft Ltd) R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.) 
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U3 pxlirpob; \??\C:\Users\admin\AppData\Local\Temp\pxlirpob.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-10 17:00 - 2015-04-10 17:00 - 00380416 _____ () C:\Users\crocuz\Downloads\Gmer-19357.exe 2015-04-10 17:00 - 2015-04-10 17:00 - 00000472 _____ () C:\Users\crocuz\Downloads\defogger_disable.log 2015-04-10 17:00 - 2015-04-10 17:00 - 00000000 _____ () C:\Users\admin\defogger_reenable 2015-04-10 16:59 - 2015-04-10 16:59 - 02095616 _____ (Farbar) C:\Users\crocuz\Downloads\FRST64(2).exe 2015-04-10 16:58 - 2015-04-10 16:58 - 00050477 _____ () C:\Users\crocuz\Downloads\Defogger.exe 2015-04-10 16:28 - 2015-04-10 16:28 - 00000118 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-04-09 12:54 - 2015-04-09 12:54 - 00015871 _____ () C:\Users\crocuz\Desktop\Ziegler1.xltx 2015-04-08 18:34 - 2015-04-08 18:34 - 00000401 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-04-08 18:28 - 2015-04-08 18:36 - 00000508 _____ () C:\Windows\system32\TeamViewer10_Hooks.log 2015-04-08 18:21 - 2015-04-10 16:28 - 00000000 ____D () C:\Intel 2015-04-08 18:21 - 2015-04-08 18:21 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-04-08 00:20 - 2015-04-08 18:36 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-04-08 00:20 - 2015-04-08 00:20 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-04-08 00:20 - 2015-04-08 00:20 - 00001047 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-04-08 00:20 - 2015-04-08 00:20 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TeamViewer 2015-04-08 00:20 - 2015-01-20 11:45 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys 2015-04-07 19:04 - 2015-04-07 19:36 - 00001597 _____ () C:\Users\crocuz\Desktop\Google Drive.lnk 2015-04-07 19:04 - 2015-04-07 19:35 - 00000000 ___RD () C:\Users\crocuz\Google Drive 2015-04-07 19:03 - 2015-04-07 19:03 - 00002054 _____ () 
C:\Users\Public\Desktop\Google Slides.lnk 2015-04-07 19:03 - 2015-04-07 19:03 - 00002052 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-04-07 19:03 - 2015-04-07 19:03 - 00002042 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-04-07 19:03 - 2015-04-07 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-04-07 19:02 - 2015-04-07 19:02 - 00880208 _____ (Google Inc.) C:\Users\crocuz\Downloads\googledrivesync.exe 2015-04-05 03:00 - 2015-04-07 08:47 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 21:58 - 2015-04-04 21:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-04 15:00 - 2015-04-04 15:00 - 00001965 _____ () C:\Users\crocuz\AppData\Local\recently-used.xbel 2015-04-04 14:20 - 2015-04-04 14:20 - 00000000 ___HD () C:\Users\crocuz\Desktop\.picasaoriginals 2015-04-03 15:56 - 2015-04-03 15:56 - 00000907 _____ () C:\Users\Public\Desktop\Inkscape 0.91.lnk 2015-04-03 15:56 - 2015-04-03 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91 2015-04-03 15:56 - 2015-04-03 15:56 - 00000000 ____D () C:\Program Files\Inkscape 2015-04-03 15:48 - 2015-04-03 15:50 - 97868152 _____ () C:\Users\crocuz\Downloads\inkscape-0.91-x64.msi 2015-04-03 15:46 - 2015-04-03 15:46 - 00040059 _____ () C:\Users\crocuz\Desktop\logo_aktuell_argb_final_illu_neu_srgb2_gerader daumen_ohne kontur.svg 2015-03-31 19:02 - 2015-03-31 19:02 - 24802928 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 06067760 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 04782296 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 02813952 _____ () C:\Windows\system32\iglhxa64.cpa 2015-03-31 19:02 - 2015-03-31 19:02 - 02024960 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll 
2015-03-31 19:02 - 2015-03-31 19:02 - 01402336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01399240 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01369088 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01063936 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00695808 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00623616 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00403671 _____ () C:\Windows\system32\ImageStabilization.wmv 2015-03-31 19:02 - 2015-03-31 19:02 - 00392592 _____ () C:\Windows\system32\igfxTray.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00385024 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00344976 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00314256 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00278528 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00255488 _____ () C:\Windows\system32\igfxCPL.cpl 2015-03-31 19:02 - 2015-03-31 19:02 - 00249232 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00229888 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00220432 _____ (Intel Corporation) 
C:\Windows\system32\iglhcp64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00218512 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00213504 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00211656 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00184352 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4156.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00178672 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00178176 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00086528 _____ () C:\Windows\system32\igfxCUIServicePS.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00059904 _____ ( ) C:\Windows\system32\igfxDHLib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00044025 _____ () C:\Windows\system32\iglhxo64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043816 _____ () C:\Windows\system32\iglhxc64_dev.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043494 _____ () C:\Windows\system32\iglhxc64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043298 _____ () C:\Windows\system32\iglhxg64_dev.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043256 _____ () C:\Windows\system32\iglhxg64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00042079 _____ () C:\Windows\system32\iglhxo64_dev.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00036616 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00035328 _____ 
(Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00004016 _____ () C:\Windows\system32\iglhxs64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00001125 _____ () C:\Windows\system32\iglhxa64.vp 2015-03-31 19:01 - 2015-03-31 19:01 - 24003648 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 17761872 _____ () C:\Windows\system32\igd11dxva64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 17285440 _____ () C:\Windows\SysWOW64\igd11dxva32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 15982080 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 10853888 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 09396160 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 08605632 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 06021437 _____ () C:\Windows\system32\igdclbif.bin 2015-03-31 19:01 - 2015-03-31 19:01 - 04877240 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys 2015-03-31 19:01 - 2015-03-31 19:01 - 03550208 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 03320320 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00636016 _____ (Intel 
Corporation) C:\Windows\system32\igdmd64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00515488 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00398848 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00350208 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00282696 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00263120 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00227328 _____ () C:\Windows\system32\igdde64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00187392 _____ () C:\Windows\SysWOW64\igdde32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00169984 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00152064 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 09504256 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 07484416 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 01029008 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 01025936 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00641530 _____ () C:\Windows\system32\FilmModeDetection.wmv 2015-03-31 19:00 - 2015-03-31 19:00 - 00448912 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00375173 _____ () C:\Windows\system32\ColorImageEnhancement.wmv 2015-03-31 19:00 - 2015-03-31 19:00 - 00339344 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00338832 _____ (Intel Corporation) 
C:\Windows\system32\DPTopologyAppv2_0.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00157072 _____ (Intel Corporation) C:\Windows\system32\difx64.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll 2015-03-27 18:13 - 2015-03-27 18:13 - 00595145 _____ (GBOOKSDOWNLOADER.COM ) C:\Users\crocuz\Downloads\gbooks_latest.exe 2015-03-27 18:10 - 2015-03-27 18:13 - 00001116 _____ () C:\Users\Public\Desktop\Google Books Downloader.lnk 2015-03-27 18:10 - 2015-03-27 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader 2015-03-27 18:10 - 2015-03-27 18:13 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader 2015-03-27 18:10 - 2015-03-27 18:10 - 00657781 _____ (GBOOKSDOWNLOADER.COM ) C:\Users\crocuz\Downloads\google-book-downloader_19557.exe 2015-03-27 13:46 - 2015-04-03 21:04 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 15621448 _____ (Ventis Media Inc. 
) C:\Users\crocuz\Downloads\MediaMonkey_4.1.6.1736.exe 2015-03-27 13:46 - 2015-03-27 13:46 - 00001059 _____ () C:\Users\Public\Desktop\MediaMonkey.lnk 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\Users\crocuz\AppData\Local\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\ProgramData\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey 2015-03-25 20:48 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 20:48 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 20:48 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 20:48 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 20:48 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 20:48 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-03-25 20:48 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 20:48 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-24 14:52 - 2015-03-24 14:52 - 00006470 _____ () C:\Windows\PFRO.log 2015-03-22 16:52 - 2015-03-22 16:52 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2015-03-22 16:52 - 2015-03-22 16:52 - 00000848 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2015-03-22 16:52 - 2015-03-22 16:52 - 00000000 ____D () C:\Users\crocuz\AppData\Local\PDFCreator 2015-03-22 16:52 - 2015-03-22 16:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\pdfforge 2015-03-22 16:52 
- 2015-03-22 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-03-22 16:52 - 2015-03-22 16:52 - 00000000 ____D () C:\Program Files\PDFCreator 2015-03-22 16:50 - 2015-03-22 16:50 - 27834848 _____ (pdfforge ) C:\Users\crocuz\Downloads\PDFCreator-2_1_0-setup.exe 2015-03-22 16:13 - 2015-03-22 16:13 - 06305280 _____ () C:\Users\crocuz\Downloads\Word2007RedactionTool(1).exe 2015-03-22 16:11 - 2015-03-22 16:15 - 00000000 ____D () C:\Users\admin\AppData\Local\Deployment 2015-03-22 16:11 - 2015-03-22 16:11 - 00000000 ____D () C:\Users\admin\AppData\Local\Apps\2.0 2015-03-22 16:10 - 2015-03-22 16:10 - 06305280 _____ () C:\Users\crocuz\Downloads\Word2007RedactionTool.exe 2015-03-22 00:05 - 2015-03-22 00:06 - 00385880 _____ () C:\Windows\Minidump\032115-18330-01.dmp 2015-03-22 00:05 - 2015-03-22 00:05 - 704054168 _____ () C:\Windows\MEMORY.DMP 2015-03-22 00:05 - 2015-03-22 00:05 - 00000000 ____D () C:\Windows\Minidump 2015-03-19 22:38 - 2015-03-19 22:38 - 00002170 _____ () C:\Users\Public\Desktop\Style Builder 2015.lnk 2015-03-19 22:38 - 2015-03-19 22:38 - 00002084 _____ () C:\Users\Public\Desktop\LayOut 2015.lnk 2015-03-19 22:38 - 2015-03-19 22:38 - 00001999 _____ () C:\Users\Public\Desktop\SketchUp 2015.lnk 2015-03-19 22:38 - 2015-03-19 22:38 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\SketchUp 2015-03-19 22:38 - 2015-03-19 22:38 - 00000000 ____D () C:\ProgramData\Reprise 2015-03-19 22:38 - 2015-03-19 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015 2015-03-19 22:37 - 2015-03-19 22:37 - 00000000 ____D () C:\ProgramData\SketchUp 2015-03-19 22:37 - 2015-03-19 22:37 - 00000000 ____D () C:\Program Files\SketchUp 2015-03-19 22:34 - 2015-03-19 22:37 - 119538880 _____ (Trimble Navigation Limited) C:\Users\crocuz\Downloads\SketchUpMake153-de-x64.exe 2015-03-19 22:21 - 2015-03-19 22:28 - 321350968 _____ () C:\Users\crocuz\Downloads\Desjet3D-V110-4144-64bit.exe 2015-03-13 14:42 - 
2015-03-13 14:42 - 00880208 _____ (Google Inc.) C:\Users\crocuz\Downloads\ChromeSetup.exe 2015-03-12 04:31 - 2015-04-10 16:34 - 00004424 _____ () C:\Windows\setupact.log 2015-03-12 04:31 - 2015-03-12 04:31 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-11 17:49 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 17:49 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 17:49 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 17:49 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 17:49 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 17:49 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 17:49 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 17:49 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 17:49 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 17:49 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 17:49 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 17:49 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 17:49 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 17:49 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 17:49 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 17:49 - 
2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 17:49 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 17:49 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 12625920 _____ (Microsoft 
Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 17:49 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 17:49 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 17:49 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 17:49 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 17:49 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) 
C:\Windows\system32\appidapi.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 17:49 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 17:49 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 17:49 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 17:49 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 17:49 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 17:49 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 17:49 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 17:49 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 17:49 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 17:49 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 17:49 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 17:49 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\cryptui.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 
2015-03-11 17:49 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 17:49 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 17:49 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 17:49 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 17:49 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 17:49 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 17:49 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 17:49 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 17:49 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 17:49 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 17:49 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-11 17:49 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 17:49 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 17:49 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-11 17:49 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-11 17:48 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 17:48 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 
2015-03-11 17:48 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 17:48 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 17:48 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 17:48 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 17:48 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 17:48 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 17:48 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 17:48 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 17:48 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 17:48 - 2015-03-06 07:10 - 
00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 17:48 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 17:48 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 17:48 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 17:48 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 17:48 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 17:48 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 17:48 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 17:48 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 17:48 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 17:48 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 17:48 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 17:48 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 17:48 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 17:48 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 17:48 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 17:48 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 17:48 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 17:48 - 2015-02-21 02:25 - 19720192 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 17:48 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 17:48 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 17:48 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 17:48 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 17:48 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 17:48 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 17:48 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 17:48 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 17:48 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 17:48 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 17:48 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 17:48 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 17:48 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 17:48 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 17:48 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 17:48 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 17:48 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 17:48 - 2015-02-20 04:22 - 02724864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 17:48 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 17:48 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 17:48 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 17:48 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 17:48 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 17:48 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 17:48 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 17:48 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 17:48 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 17:48 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 17:48 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 17:48 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 17:48 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 17:48 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 17:48 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 17:48 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 17:48 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 17:48 - 2015-02-20 03:46 - 02125824 _____ 
(Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 17:48 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 17:48 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 17:48 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 17:48 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 17:48 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 17:48 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 17:48 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 17:48 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 17:48 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 17:48 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 17:48 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 17:48 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 17:48 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 17:48 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 17:48 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 17:48 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 17:48 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 17:48 - 2015-02-03 05:12 - 01230848 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 17:48 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 17:48 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 17:48 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 17:48 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 17:46 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 17:46 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 17:02 - 2015-03-04 20:43 - 00019338 _____ () C:\Users\crocuz\Downloads\FRST.txt
2015-04-10 17:02 - 2015-03-04 20:43 - 00000000 ____D () C:\FRST
2015-04-10 17:00 - 2013-01-22 12:39 - 00000000 ____D () C:\Users\admin
2015-04-10 16:54 - 2014-12-06 17:34 - 00001033 _____ () C:\Users\crocuz\Desktop\Dropbox.lnk
2015-04-10 16:54 - 2014-12-06 17:31 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Dropbox
2015-04-10 16:54 - 2014-12-06 17:18 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-10 16:53 - 2014-12-12 23:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-10 16:43 - 2014-10-03 18:49 - 00011824 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 16:43 - 2014-10-03 18:49 - 00011824 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 16:40 - 2014-10-03 18:50 - 00709900 _____ () C:\Windows\system32\perfh007.dat
2015-04-10 16:40 - 2014-10-03 18:50 - 00154336 _____ () C:\Windows\system32\perfc007.dat
2015-04-10 16:40 - 
2014-10-03 18:49 - 01649556 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 16:39 - 2013-01-22 05:17 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-04-10 16:36 - 2013-01-22 03:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-10 16:35 - 2014-12-21 19:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-10 16:34 - 2014-12-30 01:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-10 16:34 - 2014-10-03 18:50 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 16:32 - 2015-03-04 19:00 - 01877763 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 16:27 - 2014-12-21 19:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 22:16 - 2015-01-02 16:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-08 18:34 - 2013-01-11 20:21 - 00000000 ____D () C:\Users\crocuz
2015-04-08 18:21 - 2014-12-30 06:25 - 00000000 ____D () C:\Program Files\Intel
2015-04-08 16:37 - 2014-10-03 18:49 - 00109280 _____ () C:\Users\crocuz\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 14:28 - 2014-10-03 18:49 - 00409912 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 00:35 - 2013-01-31 13:07 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\foobar2000
2015-04-07 21:42 - 2014-11-25 19:00 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Skype
2015-04-07 19:03 - 2014-12-21 17:52 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2015-04-07 19:03 - 2013-01-22 04:32 - 00000000 ____D () C:\Users\crocuz\AppData\Local\Google
2015-04-07 19:03 - 2013-01-22 04:32 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-07 15:59 - 2013-01-22 03:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 08:25 - 2014-12-22 15:47 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Swiss Academic Software
2015-04-03 20:07 - 2013-01-22 05:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-03 19:28 - 2014-12-21 19:05 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 18:11 - 2013-12-08 17:05 - 00000000 ____D () C:\Users\crocuz\Documents\Citavi 4
2015-04-02 14:39 - 2015-01-19 17:18 - 00000000 ____D () C:\Users\crocuz\AppData\Local\CutePDF Writer
2015-04-01 03:03 - 2013-02-17 22:23 - 01622900 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-31 19:02 - 2014-12-30 00:59 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-31 19:02 - 2014-12-30 00:59 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-27 14:04 - 2014-11-15 23:50 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\vlc
2015-03-26 13:03 - 2014-12-21 18:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 13:03 - 2014-12-21 18:29 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-19 22:39 - 2014-12-31 18:38 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\NVIDIA
2015-03-17 09:18 - 2014-01-13 23:52 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Adobe
2015-03-12 14:16 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 05:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 04:29 - 2014-12-31 17:59 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-03-12 04:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 04:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 04:09 - 2013-09-21 01:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 04:03 - 2013-01-22 05:10 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 04:02 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-12 01:35 - 2014-12-30 19:54 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\AllDup
2015-03-12 01:35 - 2014-12-30 19:53 - 00000000 ____D () C:\ProgramData\AllDup
2015-03-11 17:34 - 2014-08-20 19:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys

==================== Files in the root of some directories =======

2013-02-17 22:29 - 2013-02-17 22:29 - 0000093 _____ () C:\Users\admin\AppData\Local\fusioncache.dat

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\temp\sfamcc00001.dll
C:\Users\admin\AppData\Local\temp\sfareca00001.dll
C:\Users\crocuz\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6heue7.dll
C:\Users\crocuz\AppData\Local\temp\NOSEventMessages.dll
C:\Users\crocuz\AppData\Local\temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-04 00:45

==================== End Of Log ============================

Edited by muy_raro (10.04.2015 at 18:56) |
10.04.2015, 18:56 | #4 |
| Windows 7 - Possible hijacking / Trojan infection after a careless download
Gmer.log
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-10 17:09:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2 ST1000DM005_HD103SJ rev.1AJ100E5 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\admin\AppData\Local\Temp\pxlirpob.sys

---- User code sections - GMER 2.1 ----
.text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d6692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d67166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d67dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d67e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076db1380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076db1500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076db1530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076db1650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076db1700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076db1d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076db1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076db27e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] 
C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007480146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074801a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d61398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d6143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d61594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d6191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d61bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d61d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d61edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d61fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d627b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d627d2 8 bytes {JMP 0x10} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d6282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d62898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d62d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d62d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d6323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d633c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d63a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d63ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d63b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d64190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d64241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d642b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d643f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d64434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d645d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d646d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d64a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d64b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d64c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d64d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d64ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d64ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d650f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d652f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d653f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d655e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d664d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d6668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d6687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d668bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d668d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d6692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d67166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d67dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d67e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076db1380 8 bytes {JMP QWORD [RIP-0x4a220]} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076db1500 8 bytes {JMP QWORD [RIP-0x49cef]} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076db1530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076db1650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076db1700 8 bytes {JMP QWORD [RIP-0x4adda]} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076db1d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076db1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 
0000000076db27e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007480146b 8 bytes {JMP 0xffffffffffffffb0} .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text Z:\Dropbox\Virenscan\Gmer-19357.exe[5444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074801a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\mmc.exe [1072:2016] 000007feea9efe98
Thread C:\Windows\system32\mmc.exe [1072:712] 000007feeab300bc
Thread C:\Windows\system32\mmc.exe [1072:6104] 000007fefb1d2bf8
Thread C:\Windows\system32\mmc.exe [1072:6112] 000007fee4451748
Thread C:\Windows\system32\mmc.exe [1072:4604] 000007feeab300bc
Thread C:\Windows\system32\mmc.exe [1072:5784] 000007feeab39cc0
Thread C:\Windows\system32\mmc.exe [1072:808] 000007feeab300bc
Thread C:\Windows\system32\mmc.exe [1072:6064] 000007feeab300bc
Thread C:\Windows\system32\mmc.exe [1072:1944] 000007feeab300bc
Thread C:\Windows\system32\mmc.exe [1072:5952] 000007feeab300bc
Thread C:\Windows\system32\mmc.exe [1072:5956] 000007feeaa1d9ac
Thread C:\Windows\system32\mmc.exe [1072:6000] 000007fee493bce8

---- Processes - GMER 2.1 ----

Library C:\Users\crocuz\AppData\Local\Temp\_MEI28922\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1984] (Python Core/Python Software Foundation)(2015-04-10 14:35:10) 000000001e000000
Library C:\Users\crocuz\AppData\Local\Temp\_MEI28922\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1984](2015-04-10 14:35:08) 000000001e8c0000
Library C:\Users\crocuz\AppData\Local\Temp\_MEI28922\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1984](2015-04-10 14:35:10) 000000001e7a0000
Library C:\Users\crocuz\AppData\Local\Temp\_MEI28922\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1984](2015-04-10 14:35:07) 0000000000360000
Library C:\Users\crocuz\AppData\Local\Temp\_MEI28922\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1984](2015-04-10 14:35:09) 0000000000240000
Library C:\Users\crocuz\AppData\Local\Temp\_MEI28922\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1984](2015-04-10 14:35:10) 0000000010000000
Library C:\Users\crocuz\AppData\Local\Temp\_MEI28922\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1984](2015-04-10 14:35:08) 000000001e800000
Library C:\Users\crocuz\AppData\Local\Temp\_MEI28922\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1984](2015-04-10 14:35:10) 0000000002f10000
Library C:\Users\crocuz\AppData\Local\Temp\_MEI28922\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [1984](2015-04-10 14:35:08) 0000000002fd0000
Library c:\users\crocuz\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6heue7.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680](2015-04-10 14:54:05) 0000000002510000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 0000000073900000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005f70000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000064ec0000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000073610000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680](2015-03-04 21:45:30) 000000006e2a0000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006e0c0000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000051eb0000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000066500000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005a4f0000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000074050000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680](2015-03-04 21:45:30) 0000000074010000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000073fe0000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000735d0000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006e070000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680](2015-03-04 21:45:30) 000000006df90000
Library C:\Users\crocuz\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe [1680](2015-03-04 21:45:30) 0000000066970000

---- EOF - GMER 2.1 ----

The Defogger log file was unspecific.

Best regards,
Karl |
11.04.2015, 07:32 | #5 |
/// the machine /// TB Trainer | Windows 7 - Possible hijacking/Trojan infection after a careless download

The Addition.txt is still missing.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and assistance | Trojaner-Board Facebook page
No help via PM! |
12.04.2015, 17:57 | #6 |
| Windows 7 - Possible hijacking/Trojan infection after a careless download

Here is the addition.txt as well: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by admin at 2015-04-12 18:51:56
Running from Z:\Dropbox\Virenscan
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Aureon 5.1 PCI (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden
Bluefish 2.0.0-1 (HKLM-x32\...\Bluefish) (Version: 2.0.0-1 - The Bluefish Developers)
burnatonce (HKLM-x32\...\burnatonce_is1) (Version: - )
calibre (HKLM-x32\...\{8FAFEF8C-295D-4D71-95FC-91D9B7D75F3E}) (Version: 2.13.0 - Kovid Goyal)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dual Monitor 1.22 (HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu)
DVDFab 9.1.8.1 (24/12/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
DVDFab Passkey 8.2.2.9 (28/11/2014) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version: - Fengtao Software Inc.)
Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Google Books Downloader version 2.5 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.5 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Pro Photo Tools (HKLM-x32\...\{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}) (Version: 2.2 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 de)) (Version: 12.0.1 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3 - MusicBrainz)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureRelate (HKLM-x32\...\picture-relate@walthelm.net) (Version: 2.6.4 D - Axel Walthelm)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
Scribus 1.4.4 (64bit) (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{A83795B9-570F-40FF-ACB4-710B568EBA22}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.106 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TimeComX Basic (64-Bit) (HKLM-x32\...\TimeComX Basic 64-Bit) (Version: 1.3.2.7 - Bitdreamers)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Word 2007 Redaction Tool (HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\...\230EB0AF5FD37AA011F7EEE82934CD37B54C1592) (Version: 1.2.0.1 - Word 2007 Redaction Tool)
XBMC (HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\...\XBMC) (Version: - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================
ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-03-04 19:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03653555-BF7B-4843-AADA-9E1A3BDF5DAC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {0D576563-BF63-4DC4-9BC2-A39CF09DE2ED} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {132B49B7-39C2-40C7-974E-0A3A57F4E056} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3076492D-E598-4C64-B716-5984DAB5E1DC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4864301B-57D2-492D-B58C-EFF0EFD4F853} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {74944953-50BD-47CD-A53A-7DC882BA16D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {8E2D3576-3D38-4258-9C5D-897916277E45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9876AB75-6A95-4D8B-8F4D-91304EE6A5F8} - System32\Tasks\{1D9ACF15-A709-4B7B-BA61-C7EFC20FF728} => C:\Program Files (x86)\Jagged Alliance Back in Action Demo\JaggedAllianceBIADemo.exe
Task: {A1C810A1-440E-45A6-A5C5-27F09FE1D459} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21] (Google Inc.)
Task: {C9189B10-2EDF-4D00-87E9-C3140E1E6C83} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {CA9339D4-A394-4DBF-ABFE-89535544C8B7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {DBD8F716-D238-4ED1-B843-B991739A4C77} - System32\Tasks\custom_autostart Speedfan => C:\Program Files (x86)\SpeedFan\speedfan.exe [2012-09-12] (Almico Software (www.almico.com))
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============
2014-12-30 01:07 - 2014-12-13 10:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-19 17:17 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2015-04-08 00:21 - 2015-01-20 11:45 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-12-22 15:19 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-03-31 19:02 - 2015-03-31 19:02 - 00392592
_____ () C:\Windows\system32\igfxTray.exe 2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll 2013-04-19 01:45 - 2013-04-19 01:45 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll 2013-04-19 01:45 - 2013-04-19 01:45 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll 2013-04-19 01:45 - 2013-04-19 01:45 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll 2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll 2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll 2013-04-19 01:45 - 2013-04-19 01:45 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll 
2013-04-19 01:46 - 2013-04-19 01:46 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll 2013-04-19 01:44 - 2013-04-19 01:44 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll 2015-04-12 16:42 - 2015-04-12 16:42 - 00043008 _____ () c:\users\crocuz\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjs66jg.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\crocuz\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\crocuz\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\crocuz\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\crocuz\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-04-12 16:41 - 2015-04-12 16:41 - 00098816 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32api.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00110080 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\pywintypes27.dll 2015-04-12 16:41 - 2015-04-12 16:41 - 00364544 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\pythoncom27.dll 2015-04-12 16:41 - 2015-04-12 16:41 - 00045568 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\_socket.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 01161216 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\_ssl.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00320512 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32com.shell.shell.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00713216 _____ () 
C:\Users\crocuz\AppData\Local\Temp\_MEI22962\_hashlib.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 01175040 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\wx._core_.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00805888 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\wx._gdi_.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00811008 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\wx._windows_.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 01062400 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\wx._controls_.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00735232 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\wx._misc_.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00682496 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\pysqlite2._sqlite.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00128512 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\_elementtree.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00127488 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\pyexpat.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00087552 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\_ctypes.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00119808 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32file.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00108544 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32security.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00007168 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\hashobjs_ext.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00167936 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32gui.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00018432 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32event.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00038912 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32inet.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00011264 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32crypt.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00070656 _____ () 
C:\Users\crocuz\AppData\Local\Temp\_MEI22962\wx._html2.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00027136 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\_multiprocessing.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00020480 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\_yappi.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00035840 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32process.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00686080 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\unicodedata.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00122368 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\wx._wizard.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00024064 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32pipe.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00010240 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\select.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00025600 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32pdh.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00525640 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\windows._lib_cacheinvalidation.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00017408 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32profile.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00022528 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\win32ts.pyd 2015-04-12 16:41 - 2015-04-12 16:41 - 00078336 _____ () C:\Users\crocuz\AppData\Local\Temp\_MEI22962\wx._animate.pyd 2015-01-07 23:11 - 2015-01-07 23:11 - 01952728 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2013-01-22 04:16 - 2015-01-07 23:11 - 00162776 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2013-01-22 04:16 - 2015-01-07 23:11 - 00021976 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-04-07 08:53 - 2015-04-12 18:46 - 00158720 
_____ () C:\Users\admin\AppData\Local\Temp\sfareca00001.dll
2015-03-04 19:30 - 2015-04-12 18:46 - 00192512 _____ () C:\Users\admin\AppData\Local\Temp\sfamcc00001.dll
2014-03-24 07:35 - 2014-03-24 07:35 - 01020928 _____ () C:\Users\crocuz\AppData\Roaming\Mozilla\Firefox\Profiles\a5frw0pj.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2014-08-30 18:12 - 2014-12-06 19:24 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-08-30 18:12 - 2014-12-06 19:24 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 18:12 - 2014-12-06 19:24 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76396234.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76396234.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\crocuz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: CmPCIaudio => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DVDFab Passkey => "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

==================== Accounts: =============================
admin (S-1-5-21-2859920938-3614251155-1635578748-1004 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2859920938-3614251155-1635578748-500 - Administrator - Enabled) => C:\Users\Administrator.crocuz-PC
ASPNET (S-1-5-21-2859920938-3614251155-1635578748-1006 - Limited - Enabled)
crocuz (S-1-5-21-2859920938-3614251155-1635578748-1000 - Limited - Enabled) => C:\Users\crocuz
Gast (S-1-5-21-2859920938-3614251155-1635578748-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2859920938-3614251155-1635578748-1002 - Limited - Enabled)
testuser (S-1-5-21-2859920938-3614251155-1635578748-1009 - Limited - Enabled) => C:\Users\testuser

==================== Faulty Device Manager Devices =============
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 04:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 01:08:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 04:36:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 04:27:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2015 00:53:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm EXCEL.EXE, Version 14.0.7145.5001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1ac0 Startzeit: 01d0721a0d716b27 Endzeit: 0 Anwendungspfad: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Berichts-ID: 9d303dbb-dea6-11e4-a87a-d05099407714

Error: (04/08/2015 06:32:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 06:05:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 02:28:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2015 10:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 3.1.3000.0, Zeitstempel: 0x548b73d2 Name des fehlerhaften Moduls: nvstreamsvc.exe, Version: 3.1.3000.0, Zeitstempel: 0x548b73d2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000049f4f9 ID des fehlerhaften Prozesses: 0x6bc Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0 Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1 Pfad des fehlerhaften Moduls: nvstreamsvc.exe2 Berichtskennung: nvstreamsvc.exe3

Error: (04/07/2015 04:01:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error: (04/10/2015 04:38:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Microsoft Office Sessions:
=========================
Error: (04/12/2015 04:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 01:08:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 04:36:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 04:27:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2015 00:53:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EXCEL.EXE14.0.7145.50011ac001d0721a0d716b270C:\Program Files\Microsoft Office\Office14\EXCEL.EXE9d303dbb-dea6-11e4-a87a-d05099407714

Error: (04/08/2015 06:32:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 06:05:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 02:28:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2015 10:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe3.1.3000.0548b73d2nvstreamsvc.exe3.1.3000.0548b73d2c0000005000000000049f4f96bc01d0714a4ba682daC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exea834623d-dd64-11e4-a265-d05099407714

Error: (04/07/2015 04:01:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2015-03-04 18:07:51.477
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-03-04 18:07:51.446
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-03-04 18:07:51.415
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-03-04 18:07:51.384
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-03-04 17:35:44.701
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-03-04 17:35:44.664
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-13 13:30:24.186
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-13 13:30:24.121
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-30 19:15:12.516
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-30 19:15:12.504
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 33%
Total physical RAM: 7842.27 MB
Available physical RAM: 5181.17 MB
Total Pagefile: 8864.45 MB
Available Pagefile: 5849.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================
Drive c: (Win7x64_Work) (Fixed) (Total:78.12 GB) (Free:8.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Win7Pro) (Fixed) (Total:58.63 GB) (Free:58.54 GB) NTFS
Drive x: (media_stuff) (Fixed) (Total:931.51 GB) (Free:126.35 GB) NTFS
Drive z: (personals) (Fixed) (Total:292.97 GB) (Free:70.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8E208F46)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000F33C7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000F02ED)
Partition 1: (Not Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=78.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=53.5 GB) - (Type=05)
Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:51 on 12/04/2015 (admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Best regards,
Karl |
13.04.2015, 08:58 | #7 |
/// the machine /// TB instructor | Windows 7 - Possible hijacking/Trojan infection after careless download

Hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller.exe and save this file to the desktop.

__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations, guides and help, Trojaner-Board Facebook page
No help via PM! |
13.04.2015, 13:27 | #8 |
| Windows 7 - Possible hijacking/Trojan infection after careless download

Hi schrauber,

thanks for sticking with this. Here is the TDSSKiller log file for now:

Code:
14:09:04.0037 0x18b0 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:09:07.0030 0x18b0 ============================================================
14:09:07.0030 0x18b0 Current date / time: 2015/04/13 14:09:07.0030
14:09:07.0030 0x18b0 SystemInfo:
14:09:07.0030 0x18b0
14:09:07.0030 0x18b0 OS Version: 6.1.7601 ServicePack: 1.0
14:09:07.0030 0x18b0 Product type: Workstation
14:09:07.0030 0x18b0 ComputerName: CROCUZ-PC
14:09:07.0031 0x18b0 UserName: admin
14:09:07.0031 0x18b0 Windows directory: C:\Windows
14:09:07.0031 0x18b0 System windows directory: C:\Windows
14:09:07.0031 0x18b0 Running under WOW64
14:09:07.0031 0x18b0 Processor architecture: Intel x64
14:09:07.0031 0x18b0 Number of processors: 4
14:09:07.0031 0x18b0 Page size: 0x1000
14:09:07.0031 0x18b0 Boot type: Normal boot
14:09:07.0031 0x18b0 ============================================================
14:09:12.0518 0x18b0 KLMD registered as C:\Windows\system32\drivers\33262814.sys
14:09:12.0914 0x18b0 System UUID: {D469C4C2-ED93-F748-E9BD-BA2F44EC04CF}
14:09:13.0392 0x18b0 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
14:09:13.0395 0x18b0 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:13.0395 0x18b0 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:13.0620 0x18b0 ============================================================
14:09:13.0620 0x18b0 \Device\Harddisk2\DR2:
14:09:13.0625 0x18b0 MBR partitions:
14:09:13.0625 0x18b0 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9C40000
14:09:13.0625 0x18b0 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x9C40800, BlocksNum 0x9C71000
14:09:13.0645 0x18b0 \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x4FD17000, BlocksNum 0x249EF000
14:09:13.0645 0x18b0 \Device\Harddisk0\DR0:
14:09:13.0647 0x18b0 MBR partitions:
14:09:13.0647 0x18b0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7544000
14:09:13.0647 0x18b0 \Device\Harddisk1\DR1:
14:09:13.0647 0x18b0 MBR partitions:
14:09:13.0647 0x18b0 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74706000
14:09:13.0647 0x18b0 ============================================================
14:09:13.0772 0x18b0 C: <-> \Device\Harddisk2\DR2\Partition1
14:09:13.0775 0x18b0 G: <-> \Device\Harddisk0\DR0\Partition1
14:09:13.0926 0x18b0 Z: <-> \Device\Harddisk2\DR2\Partition3
14:09:13.0937 0x18b0 X: <-> \Device\Harddisk1\DR1\Partition1
14:09:13.0937 0x18b0 ============================================================
14:09:13.0937 0x18b0 Initialize success
14:09:13.0937 0x18b0 ============================================================
14:09:49.0739 0x14d4 ============================================================
14:09:49.0739 0x14d4 Scan started
14:09:49.0739 0x14d4 Mode: Manual; SigCheck; TDLFS;
14:09:49.0739 0x14d4 ============================================================
14:09:49.0739 0x14d4 KSN ping started
14:10:01.0497 0x14d4 KSN ping finished: true
14:10:02.0698 0x14d4 ================ Scan system memory ========================
14:10:02.0698 0x14d4 System memory - ok
14:10:02.0699 0x14d4 ================ Scan services =============================
5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:10:18.0431 0x14d4 iirsp - ok 14:10:18.0592 0x14d4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 14:10:18.0623 0x14d4 IKEEXT - ok 14:10:18.0846 0x14d4 [ 4E2D335FF1A7773B40C2E2EBA5E7D6D1, CE9CFD246AFC763EBF3CAD126F3AB048362DC5F75D85D7667331804371D016A0 ] Installer Service C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\InstallerService.exe 14:10:18.0857 0x14d4 Installer Service - ok 14:10:19.0779 0x14d4 [ E4FD2A81EF844C01E3BA6FBED1644A23, 022419EDDA4694536FD677EB3C6BA79A0B318982F0F7644918FD828D1FF64758 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 14:10:19.0852 0x14d4 IntcAzAudAddService - ok 14:10:19.0994 0x14d4 [ CBF7341E55A8348C7AB01A9870C7D948, A5084DF3C6321788C88A9E6B5F43FE5BCFDBB579BDE3A4D5F55558C6D13035A5 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe 14:10:20.0003 0x14d4 Intel(R) PROSet Monitoring Service - ok 14:10:20.0033 0x14d4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 14:10:20.0039 0x14d4 intelide - ok 14:10:20.0088 0x14d4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:10:20.0121 0x14d4 intelppm - ok 14:10:20.0156 0x14d4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:10:20.0221 0x14d4 IPBusEnum - ok 14:10:20.0284 0x14d4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:10:20.0317 0x14d4 
IpFilterDriver - ok 14:10:20.0408 0x14d4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:10:20.0470 0x14d4 iphlpsvc - ok 14:10:20.0485 0x14d4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:10:20.0493 0x14d4 IPMIDRV - ok 14:10:20.0502 0x14d4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:10:20.0533 0x14d4 IPNAT - ok 14:10:20.0563 0x14d4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:10:20.0589 0x14d4 IRENUM - ok 14:10:20.0637 0x14d4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:10:20.0661 0x14d4 isapnp - ok 14:10:20.0736 0x14d4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:10:20.0761 0x14d4 iScsiPrt - ok 14:10:20.0864 0x14d4 [ 23A70C99813D554337500396188B9A07, 38AC132EB64948CC9544293349BACC9C32D592F41FB446D57B5C519FF1CE9A11 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 14:10:20.0878 0x14d4 JRAID - ok 14:10:20.0912 0x14d4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:10:20.0924 0x14d4 kbdclass - ok 14:10:20.0945 0x14d4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:10:20.0965 0x14d4 kbdhid - ok 14:10:21.0000 0x14d4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso 
C:\Windows\system32\lsass.exe 14:10:21.0014 0x14d4 KeyIso - ok 14:10:21.0124 0x14d4 [ D93E72DCC2A99E67931BB79485563146, 7EF496A82E69A53465ED7D45E890275E44C979AD5E9C5E482E0DBE5DC9AD9AD3 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys 14:10:21.0151 0x14d4 kl1 - ok 14:10:21.0178 0x14d4 [ CEF0410B784E8CEB0175103CDE52E7FA, 729A45D76D1886E5ECDF23F96925CEBB90A31EFA5A798D69D9C5A684380B6E36 ] kldisk C:\Windows\system32\DRIVERS\kldisk.sys 14:10:21.0186 0x14d4 kldisk - ok 14:10:21.0272 0x14d4 [ 09F851161CB4B3D92CDE85B3845DCECC, C86EE26F13DB904CD0CB92BEE282188D5E56ECE071F4D6E53F9AAB6D911C5DE0 ] klflt C:\Windows\system32\DRIVERS\klflt.sys 14:10:21.0283 0x14d4 klflt - ok 14:10:21.0364 0x14d4 [ 7A64190934B66C17F41D3921353BAEDD, D212A6ECB1CBCC665336DF982B5061A72CD88CB5BF6B2EB14B11B8BE756A670E ] klhk C:\Windows\system32\DRIVERS\klhk.sys 14:10:21.0377 0x14d4 klhk - ok 14:10:21.0606 0x14d4 [ B8B20727DD8B9753614E089682473563, CA39E9A517CC8B1E04860E0AFB03B0CD7FBDE66143B6CA26FB9DC0EBF80F8F48 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 14:10:21.0665 0x14d4 KLIF - ok 14:10:21.0748 0x14d4 [ FEAD1F401CBE9383A642877A6EA1398F, 0529A96D406DAB1C0715692441BDBC1C05123EB62005B806A8EFF5B0B6DCD5DB ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 14:10:21.0767 0x14d4 KLIM6 - ok 14:10:21.0793 0x14d4 [ 3FAE739F2AFEA18BCBB9C5E7DC6E889D, 5990C074BCB8E2172AE0A2AC0A31E6636B3C3EF0A5BB1F593E62D22D53FC5BF0 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 14:10:21.0811 0x14d4 klkbdflt - ok 14:10:21.0831 0x14d4 [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 14:10:21.0849 0x14d4 klmouflt - ok 14:10:21.0907 0x14d4 [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd C:\Windows\system32\DRIVERS\klpd.sys 14:10:21.0917 0x14d4 klpd - ok 14:10:21.0940 0x14d4 [ 43957361D346A4263873932D572613F2, 719E61CADF6FB49C24370899329BDE198E55DEB175F5701382EE16311D8576D9 ] kltdi 
C:\Windows\system32\DRIVERS\kltdi.sys 14:10:21.0951 0x14d4 kltdi - ok 14:10:21.0976 0x14d4 [ 926BA68DA79545EB6D99BB009B781E5E, EB1DB801044EB4228D38D85A8B6853EFE887B7D4E1EA1F0B8F75DD4886C96467 ] Klwtp C:\Windows\system32\DRIVERS\klwtp.sys 14:10:21.0988 0x14d4 Klwtp - ok 14:10:22.0049 0x14d4 [ D4CEEAC11C65F49D0F42E74440E829BF, 7E289BB5E400326BADDD61CBB99CB268A3E99103CF16968E1D9141C205EE309C ] kneps C:\Windows\system32\DRIVERS\kneps.sys 14:10:22.0062 0x14d4 kneps - ok 14:10:22.0099 0x14d4 [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:10:22.0111 0x14d4 KSecDD - ok 14:10:22.0130 0x14d4 [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:10:22.0143 0x14d4 KSecPkg - ok 14:10:22.0186 0x14d4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:10:22.0262 0x14d4 ksthunk - ok 14:10:22.0342 0x14d4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 14:10:22.0397 0x14d4 KtmRm - ok 14:10:22.0484 0x14d4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 14:10:22.0527 0x14d4 LanmanServer - ok 14:10:22.0558 0x14d4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:10:22.0585 0x14d4 LanmanWorkstation - ok 14:10:22.0635 0x14d4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:10:22.0673 0x14d4 lltdio - ok 14:10:22.0731 0x14d4 [ C1185803384AB3FEED115F79F109427F, 
0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:10:22.0762 0x14d4 lltdsvc - ok 14:10:22.0788 0x14d4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:10:22.0818 0x14d4 lmhosts - ok 14:10:22.0844 0x14d4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:10:22.0852 0x14d4 LSI_FC - ok 14:10:22.0872 0x14d4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:10:22.0880 0x14d4 LSI_SAS - ok 14:10:22.0910 0x14d4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 14:10:22.0929 0x14d4 LSI_SAS2 - ok 14:10:22.0979 0x14d4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:10:23.0000 0x14d4 LSI_SCSI - ok 14:10:23.0018 0x14d4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 14:10:23.0054 0x14d4 luafv - ok 14:10:23.0206 0x14d4 [ B2085E335F2B57077B0CBADB6F1245CD, 69C81753B2ABAE8C89CEDADFCB73FB332E5FCD555576959AD412BF036EC9E343 ] lvpopf64 C:\Windows\system32\DRIVERS\lvpopf64.sys 14:10:23.0220 0x14d4 lvpopf64 - ok 14:10:23.0240 0x14d4 [ 986C1CB787A007BAA5F74E7D316D7246, 8846D5FF09A669816F57C98507FBCBE60F770B22BC784269765E46B36EE38D9D ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 14:10:23.0255 0x14d4 LVRS64 - ok 14:10:24.0085 0x14d4 [ 5747BC465ABEA2858C5D037252AED84E, 1D62E05ED1D3265FEFDD02C8653B2901B05994091F1D417632E2FBF053C5D451 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 14:10:24.0190 0x14d4 LVUVC64 - ok 14:10:24.0638 
0x14d4 [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 14:10:24.0660 0x14d4 mbamchameleon - ok 14:10:24.0728 0x14d4 [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 14:10:24.0741 0x14d4 MBAMSwissArmy - ok 14:10:24.0771 0x14d4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:10:24.0788 0x14d4 Mcx2Svc - ok 14:10:24.0822 0x14d4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 14:10:24.0829 0x14d4 megasas - ok 14:10:24.0907 0x14d4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 14:10:24.0918 0x14d4 MegaSR - ok 14:10:24.0959 0x14d4 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 14:10:24.0967 0x14d4 MEIx64 - ok 14:10:25.0093 0x14d4 Microsoft SharePoint Workspace Audit Service - ok 14:10:25.0139 0x14d4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 14:10:25.0203 0x14d4 MMCSS - ok 14:10:25.0223 0x14d4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 14:10:25.0261 0x14d4 Modem - ok 14:10:25.0330 0x14d4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:10:25.0342 0x14d4 monitor - ok 14:10:25.0401 0x14d4 [ C030F9E822A057C1A7A9BB4EA3E8877E, 
2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys 14:10:25.0424 0x14d4 MotioninJoyXFilter - detected UnsignedFile.Multi.Generic ( 1 ) 14:10:35.0463 0x14d4 MotioninJoyXFilter ( UnsignedFile.Multi.Generic ) - warning 14:10:35.0463 0x14d4 Force sending object to P2P due to detect: MotioninJoyXFilter 14:10:38.0238 0x14d4 Object send P2P result: true 14:10:41.0019 0x14d4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:10:41.0026 0x14d4 mouclass - ok 14:10:41.0054 0x14d4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:10:41.0068 0x14d4 mouhid - ok 14:10:41.0139 0x14d4 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:10:41.0147 0x14d4 mountmgr - ok 14:10:41.0179 0x14d4 [ 269BDB3CB77EB77BABE2862BEAB1F208, EC693365C73D59244CB77E181042128A9901BA5C1109CD4F1B9A2008DF1F9582 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:10:41.0187 0x14d4 MozillaMaintenance - ok 14:10:41.0210 0x14d4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 14:10:41.0219 0x14d4 mpio - ok 14:10:41.0246 0x14d4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:10:41.0268 0x14d4 mpsdrv - ok 14:10:41.0296 0x14d4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:10:41.0343 0x14d4 MpsSvc - ok 14:10:41.0372 0x14d4 [ AE3334958D8F631FF14A0AEB3D7EFB3A, 
F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:10:41.0381 0x14d4 MRxDAV - ok 14:10:41.0429 0x14d4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:10:41.0464 0x14d4 mrxsmb - ok 14:10:41.0550 0x14d4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:10:41.0592 0x14d4 mrxsmb10 - ok 14:10:41.0615 0x14d4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:10:41.0628 0x14d4 mrxsmb20 - ok 14:10:41.0644 0x14d4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 14:10:41.0654 0x14d4 msahci - ok 14:10:41.0688 0x14d4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:10:41.0700 0x14d4 msdsm - ok 14:10:41.0717 0x14d4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 14:10:41.0740 0x14d4 MSDTC - ok 14:10:41.0769 0x14d4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:10:41.0797 0x14d4 Msfs - ok 14:10:41.0829 0x14d4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:10:41.0873 0x14d4 mshidkmdf - ok 14:10:41.0885 0x14d4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:10:41.0892 0x14d4 msisadrv - ok 14:10:41.0936 
0x14d4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:10:41.0959 0x14d4 MSiSCSI - ok 14:10:41.0961 0x14d4 msiserver - ok 14:10:41.0985 0x14d4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:10:42.0005 0x14d4 MSKSSRV - ok 14:10:42.0030 0x14d4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:10:42.0051 0x14d4 MSPCLOCK - ok 14:10:42.0108 0x14d4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:10:42.0128 0x14d4 MSPQM - ok 14:10:42.0149 0x14d4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:10:42.0160 0x14d4 MsRPC - ok 14:10:42.0171 0x14d4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:10:42.0178 0x14d4 mssmbios - ok 14:10:42.0189 0x14d4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:10:42.0219 0x14d4 MSTEE - ok 14:10:42.0233 0x14d4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 14:10:42.0240 0x14d4 MTConfig - ok 14:10:42.0251 0x14d4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 14:10:42.0258 0x14d4 Mup - ok 14:10:42.0297 0x14d4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent 
C:\Windows\system32\qagentRT.dll 14:10:42.0324 0x14d4 napagent - ok 14:10:42.0379 0x14d4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:10:42.0400 0x14d4 NativeWifiP - ok 14:10:42.0501 0x14d4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 14:10:42.0549 0x14d4 NDIS - ok 14:10:42.0583 0x14d4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:10:42.0626 0x14d4 NdisCap - ok 14:10:42.0659 0x14d4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:10:42.0695 0x14d4 NdisTapi - ok 14:10:42.0714 0x14d4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:10:42.0747 0x14d4 Ndisuio - ok 14:10:42.0763 0x14d4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:10:42.0785 0x14d4 NdisWan - ok 14:10:42.0800 0x14d4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:10:42.0820 0x14d4 NDProxy - ok 14:10:42.0827 0x14d4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:10:42.0848 0x14d4 NetBIOS - ok 14:10:42.0865 0x14d4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:10:42.0888 0x14d4 NetBT - ok 14:10:42.0915 0x14d4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 
9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon C:\Windows\system32\lsass.exe 14:10:42.0928 0x14d4 Netlogon - ok 14:10:42.0957 0x14d4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 14:10:43.0010 0x14d4 Netman - ok 14:10:43.0107 0x14d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:43.0116 0x14d4 NetMsmqActivator - ok 14:10:43.0119 0x14d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:43.0128 0x14d4 NetPipeActivator - ok 14:10:43.0174 0x14d4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 14:10:43.0202 0x14d4 netprofm - ok 14:10:43.0206 0x14d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:43.0215 0x14d4 NetTcpActivator - ok 14:10:43.0219 0x14d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:43.0228 0x14d4 NetTcpPortSharing - ok 14:10:43.0252 0x14d4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:10:43.0259 0x14d4 nfrd960 - ok 14:10:43.0353 0x14d4 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 14:10:43.0365 0x14d4 NlaSvc - ok 14:10:43.0395 0x14d4 [ 1381E95D4E0F94F22DD484B5F8C1D61D, 
E91C10A62E3B5A610063F48354C6F4A1AAB7300A69EAD59E89ED8EEFDBD99062 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 14:10:43.0410 0x14d4 nmwcd - ok 14:10:43.0431 0x14d4 [ 205510CDB7B6084BF31760B5D06F9242, F3EAC6A7127DC5A0FEE7A9AFA561A8CA9B6E83FECCD731C890E85C33514B533B ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys 14:10:43.0446 0x14d4 nmwcdc - ok 14:10:43.0457 0x14d4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:10:43.0478 0x14d4 Npfs - ok 14:10:43.0500 0x14d4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 14:10:43.0530 0x14d4 nsi - ok 14:10:43.0543 0x14d4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:10:43.0576 0x14d4 nsiproxy - ok 14:10:43.0662 0x14d4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:10:43.0693 0x14d4 Ntfs - ok 14:10:43.0703 0x14d4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 14:10:43.0735 0x14d4 Null - ok 14:10:43.0783 0x14d4 [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 14:10:43.0792 0x14d4 NVHDA - ok 14:10:44.0129 0x14d4 [ ED4D88A04D22E6B00DB6BC8FACDBAFED, 38DDB9B353D3A24DD8390C6FB58FD513B46F9F715BC7E68D0958E78EACC3D3FA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:10:44.0288 0x14d4 nvlddmkm - ok 14:10:44.0555 0x14d4 [ 064DDEC72C818AB8881B607A3836E265, 11A2821B874A7B990C81651F54600F9E1064C67AB94CEC7B36DCCC6EE971DEA0 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 14:10:44.0603 0x14d4 
NvNetworkService - ok 14:10:44.0646 0x14d4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:10:44.0658 0x14d4 nvraid - ok 14:10:44.0681 0x14d4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:10:44.0690 0x14d4 nvstor - ok 14:10:44.0741 0x14d4 [ 9971592B39A038341E8AAE28EA14B95B, 08FCE3B00913DD0F36286A3DFB0C79933B20A5279FD351B99E31F895CBDBA636 ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 14:10:44.0748 0x14d4 NvStreamKms - ok 14:10:45.0631 0x14d4 [ 4E4FBA5CE1395937206B85098DEB6321, E0C3D1D667CB2C4EBAEA779767466065F21A1D6EBFD69115FE7A2EEC1C133E64 ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 14:10:45.0965 0x14d4 NvStreamSvc - ok 14:10:46.0103 0x14d4 [ B7CD89EFA562A991F2864EFD3147473A, D38BAE7883BC073562C3C77DF59663B820CFE8305A3319C6E5CF8E48752E18C1 ] nvsvc C:\Windows\system32\nvvsvc.exe 14:10:46.0126 0x14d4 nvsvc - ok 14:10:46.0202 0x14d4 [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys 14:10:46.0208 0x14d4 nvvad_WaveExtensible - ok 14:10:46.0256 0x14d4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:10:46.0265 0x14d4 nv_agp - ok 14:10:46.0293 0x14d4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:10:46.0302 0x14d4 ohci1394 - ok 14:10:46.0372 0x14d4 [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:10:46.0380 0x14d4 ose64 - ok 14:10:46.0623 0x14d4 [ 
0x14d4 [ D3FC3B88E6C1388CEDDD7CF009B6FB01 ] \Device\Harddisk2\DR2\Partition3 14:11:02.0926 0x14d4 \Device\Harddisk2\DR2\Partition3 - ok 14:11:02.0929 0x14d4 [ CD097DB8308AEA0075E0E29171573534 ] \Device\Harddisk0\DR0\Partition1 14:11:02.0930 0x14d4 \Device\Harddisk0\DR0\Partition1 - ok 14:11:02.0932 0x14d4 [ 09FABCE3DD9D9CCE7495468411FB3EEC ] \Device\Harddisk1\DR1\Partition1 14:11:02.0993 0x14d4 \Device\Harddisk1\DR1\Partition1 - ok 14:11:02.0993 0x14d4 ================ Scan generic autorun ====================== 14:11:03.0543 0x14d4 [ 2936EA1AB4B2F7DF9BAD7F78671C2093, 3DE4BE1866A02DA291DAFEE100E378B152D1387C7444B4CE2528F558729628B5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 14:11:03.0742 0x14d4 RTHDVCPL - ok 14:11:03.0838 0x14d4 [ 39CF316EB5842AE27CC0D3CC4E2840DE, BC4D4ED926F988B7B70CC87B7EC92D148DA6BC39C5C514751F1B0CA69D0F9081 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe 14:11:03.0931 0x14d4 BCSSync - ok 14:11:04.0400 0x14d4 [ 06F39071A9E3635F4258FD7F5E3F5988, 1582466DB06AE129196C2ADC7E87BE51561D11A28AB90FE6F57539B65553910C ] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe 14:11:04.0422 0x14d4 NokiaSuite.exe - ok 14:11:04.0542 0x14d4 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe 14:11:04.0572 0x14d4 Sidebar - ok 14:11:04.0684 0x14d4 GoogleDriveSync - ok 14:11:04.0776 0x14d4 Skype - ok 14:11:04.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:05.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:06.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:07.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:08.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:09.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:10.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:11.0781 0x14d4 Waiting for KSN requests completion. 
In queue: 255 14:11:12.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:13.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:14.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:15.0781 0x14d4 Waiting for KSN requests completion. In queue: 255 14:11:16.0820 0x14d4 AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmiav.exe ( 15.0.1.415 ), 0x41000 ( enabled : updated ) 14:11:16.0827 0x14d4 FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmifw.exe ( 15.0.1.415 ), 0x41010 ( enabled ) 14:11:19.0487 0x14d4 ============================================================ 14:11:19.0487 0x14d4 Scan finished 14:11:19.0487 0x14d4 ============================================================ 14:11:19.0491 0x1790 Detected object count: 1 14:11:19.0491 0x1790 Actual detected object count: 1 14:14:09.0242 0x1790 MotioninJoyXFilter ( UnsignedFile.Multi.Generic ) - skipped by user 14:14:09.0242 0x1790 MotioninJoyXFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.04.13.04
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
admin :: CROCUZ-PC [administrator]

13.04.2015 14:06:59
mbar-log-2015-04-13 (14-06-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 521566
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Best regards, Karl |
13.04.2015, 18:50 | #9 |
/// the machine /// TB trainer | hi, scan with Combofix
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
13.04.2015, 20:29 | #10 |
| I ran ComboFix with admin rights in the restricted user account. Kaspersky was disabled and the connection to the router was cut. After the restart, ComboFix went haywire, opening and closing windows in a cascade. The OS was unusable. Once I had logged off via Ctrl+Alt+Del and started in the admin account, the problem was solved and ComboFix dutifully produced its log. Code:
ATTFilter ComboFix 15-04-09.01 - admin 13.04.2015 18:58:31.4.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.7842.5825 [GMT 2:00] ausgeführt von:: c:\users\crocuz\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\admin\AppData\Local\Temp\sfamcc00001.dll c:\users\admin\AppData\Local\temp\sfareca00001.dll . ---- Vorheriger Suchlauf ------- . c:\users\admin\AppData\Local\Temp\sfamcc00001.dll c:\users\admin\AppData\Local\temp\sfareca00001.dll . . ((((((((((((((((((((((( Dateien erstellt von 2015-03-13 bis 2015-04-13 )))))))))))))))))))))))))))))) . . 2015-04-13 17:02 . 2015-04-13 17:06 -------- d-----w- c:\users\admin\AppData\Local\temp 2015-04-13 17:02 . 2015-04-13 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-04-13 17:02 . 2015-04-13 17:02 -------- d-----w- c:\users\Administrator.crocuz-PC\AppData\Local\temp 2015-04-13 12:06 . 2015-04-13 12:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-04-13 12:06 . 2015-04-13 12:06 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-04-13 12:06 . 2015-04-13 12:06 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-04-11 11:14 . 2015-04-11 11:15 -------- d-----w- c:\users\testuser 2015-04-10 15:03 . 2015-04-13 17:05 -------- d-sh--w- c:\users\admin\IntelGraphicsProfiles 2015-04-10 14:28 . 2015-04-10 14:28 118 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-04-08 16:34 . 
2015-04-08 16:34 401 ----a-w- c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-04-08 16:34 . 2015-04-13 17:04 -------- d-sh--w- c:\users\crocuz\IntelGraphicsProfiles 2015-04-08 16:21 . 2015-04-08 16:21 -------- d-----w- c:\program files (x86)\Intel 2015-04-08 16:21 . 2015-04-10 14:28 -------- d-----w- C:\Intel 2015-04-08 16:21 . 2015-04-08 16:21 -------- d-----w- c:\program files (x86)\Common Files\Intel 2015-04-07 22:21 . 2015-01-20 09:45 20240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll 2015-04-07 22:20 . 2015-04-07 22:20 -------- d-----w- c:\users\admin\AppData\Roaming\TeamViewer 2015-04-07 22:20 . 2015-01-20 09:45 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys 2015-04-07 22:20 . 2015-04-13 14:42 -------- d-----w- c:\program files (x86)\TeamViewer 2015-04-07 17:04 . 2015-04-07 17:35 -------- d-----r- c:\users\crocuz\Google Drive 2015-04-05 01:00 . 2015-04-07 06:47 -------- d-s---w- c:\windows\system32\GWX 2015-04-05 01:00 . 2015-04-05 01:00 -------- d-s---w- c:\windows\SysWow64\GWX 2015-04-03 13:56 . 2015-04-03 13:56 -------- d-----w- c:\program files\Inkscape 2015-03-31 17:01 . 2015-03-31 17:01 24003648 ----a-w- c:\windows\SysWow64\igdumdim32.dll 2015-03-31 17:00 . 2015-03-31 17:00 9504256 ----a-w- c:\windows\system32\ig75icd64.dll 2015-03-31 17:00 . 2015-03-31 17:00 7484416 ----a-w- c:\windows\SysWow64\ig75icd32.dll 2015-03-31 17:00 . 2015-03-31 17:00 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll 2015-03-31 17:00 . 2015-03-31 17:00 1029008 ----a-w- c:\windows\system32\Gfxv4_0.exe 2015-03-31 17:00 . 2015-03-31 17:00 1025936 ----a-w- c:\windows\system32\Gfxv2_0.exe 2015-03-31 17:00 . 2015-03-31 17:00 448912 ----a-w- c:\windows\system32\GfxUIEx.exe 2015-03-31 17:00 . 2015-03-31 17:00 339344 ----a-w- c:\windows\system32\DPTopologyApp.exe 2015-03-31 17:00 . 2015-03-31 17:00 338832 ----a-w- c:\windows\system32\DPTopologyAppv2_0.exe 2015-03-31 17:00 . 
2015-03-31 17:00 157072 ----a-w- c:\windows\system32\difx64.exe 2015-03-31 17:00 . 2015-03-31 17:00 1131008 ----a-w- c:\windows\system32\GfxResources.dll 2015-03-27 16:10 . 2015-03-27 16:13 -------- d-----w- c:\program files (x86)\Google Books Downloader 2015-03-27 11:46 . 2015-04-03 19:04 -------- d-----w- c:\users\crocuz\AppData\Roaming\MediaMonkey 2015-03-27 11:46 . 2015-03-27 11:46 -------- d-----w- c:\users\crocuz\AppData\Local\MediaMonkey 2015-03-27 11:46 . 2015-03-27 11:46 -------- d-----w- c:\users\admin\AppData\Roaming\MediaMonkey 2015-03-27 11:46 . 2015-03-27 11:46 -------- d-----w- c:\programdata\MediaMonkey 2015-03-27 11:46 . 2015-03-27 11:46 -------- d-----w- c:\program files (x86)\MediaMonkey 2015-03-25 18:48 . 2015-03-11 04:06 677888 ----a-w- c:\windows\system32\generaltel.dll 2015-03-25 18:48 . 2015-03-11 04:06 760832 ----a-w- c:\windows\system32\invagent.dll 2015-03-25 18:48 . 2015-03-11 04:06 414720 ----a-w- c:\windows\system32\devinv.dll 2015-03-25 18:48 . 2015-03-11 04:06 943616 ----a-w- c:\windows\system32\appraiser.dll 2015-03-25 18:48 . 2015-03-11 04:05 30720 ----a-w- c:\windows\system32\acmigration.dll 2015-03-25 18:48 . 2015-03-11 04:05 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-03-25 18:48 . 2015-03-11 04:05 192000 ----a-w- c:\windows\system32\aepic.dll 2015-03-25 18:48 . 2015-03-11 04:02 1107456 ----a-w- c:\windows\system32\aeinv.dll 2015-03-22 14:52 . 2015-03-22 14:52 -------- d-----w- c:\users\crocuz\AppData\Local\PDFCreator 2015-03-22 14:52 . 2015-03-22 14:52 -------- d-----w- c:\users\admin\AppData\Roaming\pdfforge 2015-03-22 14:52 . 2015-03-22 14:52 -------- d-----w- c:\program files\PDFCreator 2015-03-22 14:52 . 2015-03-22 14:52 115592 ----a-w- c:\windows\system32\pdfcmon.dll 2015-03-22 14:11 . 2015-03-22 14:11 -------- d-----w- c:\users\admin\AppData\Local\Apps 2015-03-22 14:11 . 2015-03-22 14:15 -------- d-----w- c:\users\admin\AppData\Local\Deployment 2015-03-19 20:38 . 
2015-03-19 20:38 -------- d-----w- c:\users\crocuz\AppData\Roaming\SketchUp 2015-03-19 20:38 . 2015-03-19 20:38 -------- d---a-w- c:\programdata\Reprise 2015-03-19 20:37 . 2015-03-19 20:37 -------- d-----w- c:\programdata\SketchUp 2015-03-19 20:37 . 2015-03-19 20:37 -------- d-----w- c:\program files\SketchUp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-03-31 17:02 . 2014-12-29 22:59 86528 ----a-w- c:\windows\SysWow64\OpenCL.dll 2015-03-31 17:02 . 2014-12-29 22:59 82432 ----a-w- c:\windows\system32\OpenCL.dll 2015-03-12 02:03 . 2013-01-22 03:10 122905848 ----a-w- c:\windows\system32\MRT.exe 2015-03-11 15:34 . 2014-08-20 17:04 819896 ----a-w- c:\windows\system32\drivers\klif.sys 2015-03-06 05:56 . 2015-03-11 15:48 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-03-06 05:56 . 2015-03-11 15:48 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2015-03-06 05:42 . 2015-03-11 15:48 210944 ----a-w- c:\windows\system32\wdigest.dll 2015-03-06 05:42 . 2015-03-11 15:48 86528 ----a-w- c:\windows\system32\TSpkg.dll 2015-03-06 05:42 . 2015-03-11 15:48 29184 ----a-w- c:\windows\system32\sspisrv.dll 2015-03-06 05:42 . 2015-03-11 15:48 136192 ----a-w- c:\windows\system32\sspicli.dll 2015-03-06 05:42 . 2015-03-11 15:48 341504 ----a-w- c:\windows\system32\schannel.dll 2015-03-06 05:42 . 2015-03-11 15:48 28160 ----a-w- c:\windows\system32\secur32.dll 2015-03-06 05:42 . 2015-03-11 15:48 314880 ----a-w- c:\windows\system32\msv1_0.dll 2015-03-06 05:42 . 2015-03-11 15:48 309760 ----a-w- c:\windows\system32\ncrypt.dll 2015-03-06 05:42 . 2015-03-11 15:48 728064 ----a-w- c:\windows\system32\kerberos.dll 2015-03-06 05:42 . 2015-03-11 15:48 1461760 ----a-w- c:\windows\system32\lsasrv.dll 2015-03-06 05:42 . 2015-03-11 15:48 22016 ----a-w- c:\windows\system32\credssp.dll 2015-03-06 05:41 . 2015-03-11 15:48 31232 ----a-w- c:\windows\system32\lsass.exe 2015-03-06 05:41 . 
2015-03-11 15:48 64000 ----a-w- c:\windows\system32\auditpol.exe 2015-03-06 05:39 . 2015-03-11 15:48 60416 ----a-w- c:\windows\system32\msobjs.dll 2015-03-06 05:38 . 2015-03-11 15:48 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-03-06 05:36 . 2015-03-11 15:48 686080 ----a-w- c:\windows\system32\adtschema.dll 2015-03-06 05:10 . 2015-03-11 15:48 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2015-03-06 05:10 . 2015-03-11 15:48 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2015-03-06 05:10 . 2015-03-11 15:48 248832 ----a-w- c:\windows\SysWow64\schannel.dll 2015-03-06 05:10 . 2015-03-11 15:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2015-03-06 05:10 . 2015-03-11 15:48 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2015-03-06 05:10 . 2015-03-11 15:48 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll 2015-03-06 05:10 . 2015-03-11 15:48 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2015-03-06 05:10 . 2015-03-11 15:48 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2015-03-06 05:09 . 2015-03-11 15:48 50176 ----a-w- c:\windows\SysWow64\auditpol.exe 2015-03-06 05:09 . 2015-03-11 15:48 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2015-03-06 05:07 . 2015-03-11 15:48 60416 ----a-w- c:\windows\SysWow64\msobjs.dll 2015-03-06 05:07 . 2015-03-11 15:48 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2015-03-06 05:06 . 2015-03-11 15:48 686080 ----a-w- c:\windows\SysWow64\adtschema.dll 2015-02-26 03:25 . 2015-03-11 15:48 3204096 ----a-w- c:\windows\system32\win32k.sys 2015-02-24 03:15 . 2015-03-11 15:48 389800 ----a-w- c:\windows\system32\iedkcs32.dll 2015-02-21 01:16 . 2015-03-11 15:48 25021440 ----a-w- c:\windows\system32\mshtml.dll 2015-02-20 23:58 . 2015-03-11 15:48 92160 ----a-w- c:\windows\system32\mshtmled.dll 2015-02-20 04:41 . 2015-03-11 15:49 41984 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:40 . 2015-03-11 15:49 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:40 . 
2015-03-11 15:49 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:40 . 2015-03-11 15:49 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 04:13 . 2015-03-11 15:49 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-02-20 04:13 . 2015-03-11 15:49 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-02-20 04:13 . 2015-03-11 15:49 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-02-20 04:12 . 2015-03-11 15:49 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-02-20 03:29 . 2015-03-11 15:49 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-02-20 03:09 . 2015-03-11 15:49 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-02-20 03:06 . 2015-03-11 15:48 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2015-02-20 03:05 . 2015-03-11 15:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2015-02-20 02:50 . 2015-03-11 15:48 66560 ----a-w- c:\windows\system32\iesetup.dll 2015-02-20 02:49 . 2015-03-11 15:48 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2015-02-20 02:49 . 2015-03-11 15:48 584192 ----a-w- c:\windows\system32\vbscript.dll 2015-02-20 02:48 . 2015-03-11 15:48 2886144 ----a-w- c:\windows\system32\iertutil.dll 2015-02-20 02:47 . 2015-03-11 15:48 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2015-02-20 02:41 . 2015-03-11 15:48 54784 ----a-w- c:\windows\system32\jsproxy.dll 2015-02-20 02:40 . 2015-03-11 15:48 34304 ----a-w- c:\windows\system32\iernonce.dll 2015-02-20 02:36 . 2015-03-11 15:48 633856 ----a-w- c:\windows\system32\ieui.dll 2015-02-20 02:35 . 2015-03-11 15:48 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2015-02-20 02:35 . 2015-03-11 15:48 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2015-02-20 02:34 . 2015-03-11 15:48 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2015-02-20 02:32 . 2015-03-11 15:48 6035456 ----a-w- c:\windows\system32\jscript9.dll 2015-02-20 02:26 . 2015-03-11 15:48 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2015-02-20 02:22 . 
2015-03-11 15:48 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2015-02-20 02:22 . 2015-03-11 15:48 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2015-02-20 02:13 . 2015-03-11 15:48 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2015-02-20 02:09 . 2015-03-11 15:48 503296 ----a-w- c:\windows\SysWow64\vbscript.dll 2015-02-20 02:08 . 2015-03-11 15:48 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2015-02-20 02:08 . 2015-03-11 15:48 199680 ----a-w- c:\windows\system32\msrating.dll 2015-02-20 02:08 . 2015-03-11 15:48 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2015-02-20 02:06 . 2015-03-11 15:48 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2015-02-20 02:05 . 2015-03-11 15:48 316928 ----a-w- c:\windows\system32\dxtrans.dll 2015-02-20 01:56 . 2015-03-11 15:48 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2015-02-20 01:56 . 2015-03-11 15:48 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2015-02-20 01:49 . 2015-03-11 15:48 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2015-02-20 01:49 . 2015-03-11 15:48 801280 ----a-w- c:\windows\system32\msfeeds.dll 2015-02-20 01:47 . 2015-03-11 15:48 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2015-02-20 01:46 . 2015-03-11 15:48 2125824 ----a-w- c:\windows\system32\inetcpl.cpl 2015-02-20 01:43 . 2015-03-11 15:48 14398976 ----a-w- c:\windows\system32\ieframe.dll 2015-02-20 01:41 . 2015-03-11 15:48 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2015-02-20 01:30 . 2015-03-11 15:48 4300288 ----a-w- c:\windows\SysWow64\jscript9.dll 2015-02-20 01:28 . 2015-03-11 15:48 2358784 ----a-w- c:\windows\system32\wininet.dll 2015-02-20 01:24 . 2015-03-11 15:48 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2015-02-20 01:23 . 2015-03-11 15:48 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2015-02-20 01:16 . 2015-03-11 15:48 1548288 ----a-w- c:\windows\system32\urlmon.dll 2015-02-20 01:03 . 2015-03-11 15:48 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2015-02-20 01:01 . 
2015-03-11 15:48 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2015-02-18 13:33 . 2015-02-18 13:33 5242880 ----a-w- C:\test.tmp 2015-02-17 14:19 . 2015-02-17 14:19 1614496 ----a-w- c:\windows\system32\FM20.DLL 2015-02-13 11:47 . 2015-02-13 11:47 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr 2015-02-13 05:22 . 2015-03-11 15:48 14177280 ----a-w- c:\windows\system32\shell32.dll 2015-02-11 19:53 . 2014-11-11 19:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-02-11 19:53 . 2014-11-11 19:38 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-02-04 03:16 . 2015-03-11 15:46 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2015-02-04 02:54 . 2015-03-11 15:46 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2015-02-03 03:34 . 2015-03-11 15:49 693176 ----a-w- c:\windows\system32\winload.efi 2015-02-03 03:34 . 2015-03-11 15:49 5554104 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-02-03 03:34 . 2015-03-11 15:49 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-02-03 03:33 . 2015-03-11 15:49 616360 ----a-w- c:\windows\system32\winresume.efi . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-11-18 30520936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
R2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\InstallerService.exe;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\InstallerService.exe [x] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;QuickCam for Notebooks Pro(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience 
Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys;c:\windows\SYSNATIVE\drivers\dvdfab.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-03 17:27 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11 19:53]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21 17:03]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-21 17:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 12:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 12:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 12:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 12:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 12:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-19 13260944]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gb8hs0xx.default\
FF - prefs.js: browser.startup.homepage - about:home|hxxp://www.giga.de/androidnews/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\crocuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
SafeBoot-76396234.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\SpeedFan\speedfan.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-13 19:09:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-04-13 17:09
.
Vor Suchlauf: 9.661.108.224 Bytes frei
Nach Suchlauf: 9.510.461.440 Bytes frei
.
- - End Of File - - DB6FC3C1ECBD9A7565346CF477495263 A36C5E4F47E84449FF07ED3517B43A31
Does that mean anything? Edited by muy_raro (13.04.2015 at 20:35) |
14.04.2015, 10:42 | #11 |
/// the machine /// TB-Ausbilder | Windows 7 - Possible hijacking / Trojan infection after careless download
Nope, that's just a temp file. Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
14.04.2015, 20:51 | #12 |
| Windows 7 - Possible hijacking / Trojan infection after careless download
The log from Mbytes is clean: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.04.2015
Suchlauf-Zeit: 18:56:01
Logdatei:
Administrator: Nein

Version: 2.01.4.1018
Malware Datenbank: v2015.04.14.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: crocuz

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 368493
Verstrichene Zeit: 7 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

Code:
# AdwCleaner v4.201 - Bericht erstellt 14/04/2015 um 18:59:09
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : admin - CROCUZ-PC
# Gestarted von : C:\Users\crocuz\Downloads\AdwCleaner_4.201.exe
# Option : Suchlauf

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\testuser\AppData\Roaming\Mozilla\Firefox\Profiles\bpx9i8su.default\user.js
Ordner Gefunden : C:\Users\admin\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v37.0.1 (x86 de)

-\\ Google Chrome v41.0.2272.118

[C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Extension] : iobcbdgacfkninlcbphihhdlkobkehia

*************************

AdwCleaner[R0].txt - [1625 Bytes] - [04/03/2015 19:54:28]
AdwCleaner[R1].txt - [1585 Bytes] - [04/03/2015 20:56:24]
AdwCleaner[R2].txt - [1439 Bytes] - [14/04/2015 18:53:54]
AdwCleaner[R3].txt - [1498 Bytes] - [14/04/2015 18:56:35]
AdwCleaner[R4].txt - [1362 Bytes] - [14/04/2015 18:59:09]
AdwCleaner[S0].txt - [1646 Bytes] - [04/03/2015 21:03:09]

########## EOF - \AdwCleaner\AdwCleaner[R4].txt - [1480 Bytes] ##########

Here is also the AdwCleaner quarantine log: Code:
Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\default\style.css->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\default\style.css.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\default\throbber.gif->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\default\throbber.gif.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\bg.jpg->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\bg.jpg.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\cloudhq_d.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\cloudhq_d.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\cloudhq_e.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\cloudhq_e.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\d.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\d.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\dot_for_ie.gif->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\dot_for_ie.gif.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\folder_gdocs.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\folder_gdocs.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\style.css->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\style.css.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\style_chrome_extension.css->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\style_chrome_extension.css.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\throbber.gif->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\cloudhq\throbber.gif.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\classic\d.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\classic\d.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\classic\dot_for_ie.gif->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\classic\dot_for_ie.gif.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\classic\style.css->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\classic\style.css.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\classic\throbber.gif->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\classic\throbber.gif.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\bg.jpg->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\bg.jpg.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\d.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\d.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\dot_for_ie.gif->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\dot_for_ie.gif.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\style.css->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\style.css.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\style_chrome_extension.css->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\style_chrome_extension.css.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\throbber.gif->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\javascripts\jsTree\themes\apple\throbber.gif.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\icon-128x128.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\icon-128x128.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\icon-48x48.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\icon-48x48.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\icon.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\icon.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\logo.png->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\logo.png.vir C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\spinner.gif->\AdwCleaner\Quarantine\C\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia\1.3.2.4_0\icons\spinner.gif.vir C:\Users\testuser\AppData\Roaming\Mozilla\Firefox\Profiles\bpx9i8su.default\user.js->\AdwCleaner\Quarantine\C\Users\testuser\AppData\Roaming\Mozilla\Firefox\Profiles\bpx9i8su.default\user.js.vir Code:
# AdwCleaner v4.201 - Bericht erstellt 14/04/2015 um 19:16:01
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : admin - CROCUZ-PC
# Gestarted von : C:\Users\crocuz\Downloads\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\admin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia
Datei Gelöscht : C:\Users\testuser\AppData\Roaming\Mozilla\Firefox\Profiles\bpx9i8su.default\user.js

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v37.0.1 (x86 de)

-\\ Google Chrome v41.0.2272.118

[C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : iobcbdgacfkninlcbphihhdlkobkehia

*************************

AdwCleaner[R0].txt - [1625 Bytes] - [04/03/2015 19:54:28]
AdwCleaner[R1].txt - [1585 Bytes] - [04/03/2015 20:56:24]
AdwCleaner[R2].txt - [1439 Bytes] - [14/04/2015 18:53:54]
AdwCleaner[R3].txt - [1498 Bytes] - [14/04/2015 18:56:35]
AdwCleaner[R4].txt - [1557 Bytes] - [14/04/2015 18:59:09]
AdwCleaner[S0].txt - [1646 Bytes] - [04/03/2015 21:03:09]
AdwCleaner[S1].txt - [1479 Bytes] - [14/04/2015 19:16:01]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [1538 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Professional x64
Ran by admin on 14.04.2015 at 19:27:54,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.04.2015 at 19:30:23,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by crocuz (ATTENTION: The logged in user is not administrator) on CROCUZ-PC on 14-04-2015 19:48:23
Running from C:\Users\crocuz\Downloads
Loaded Profiles: crocuz & admin (Available profiles: crocuz & admin & testuser & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> avp.exe
Failed to access process -> svchost.exe
Failed to access process -> TeamViewer_Service.exe
Failed to access process -> svchost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
Failed to access process -> tv_w32.exe
Failed to access process -> tv_x64.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Run: [dualmonitor] => [X]
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\MountPoints2: {f9c13ab5-647d-11e2-a49a-806e6f6e6963} - F:\Astart.exe
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-2859920938-3614251155-1635578748-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\crocuz\AppData\Roaming\Mozilla\Firefox\Profiles\a5frw0pj.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-11] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: NetVideoHunter - C:\Users\crocuz\AppData\Roaming\Mozilla\Firefox\Profiles\a5frw0pj.default\Extensions\netvideohunter@netvideohunter.com [2015-04-13]
FF Extension: LastPass - C:\Users\crocuz\AppData\Roaming\Mozilla\Firefox\Profiles\a5frw0pj.default\Extensions\support@lastpass.com [2014-03-24]
FF Extension: DownThemAll! AntiContainer - C:\Users\crocuz\AppData\Roaming\Mozilla\Firefox\Profiles\a5frw0pj.default\Extensions\anticontainer@downthemall.net.xpi [2014-06-29]
FF Extension: Right Inbox for Gmail - C:\Users\crocuz\AppData\Roaming\Mozilla\Firefox\Profiles\a5frw0pj.default\Extensions\firefox@rightinbox.com.xpi [2015-01-17]
FF Extension: printpdf - C:\Users\crocuz\AppData\Roaming\Mozilla\Firefox\Profiles\a5frw0pj.default\Extensions\printpdf@pavlov.net.xpi [2015-01-19]
FF Extension: NoScript - C:\Users\crocuz\AppData\Roaming\Mozilla\Firefox\Profiles\a5frw0pj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-29]
FF Extension: DownThemAll! - C:\Users\crocuz\AppData\Roaming\Mozilla\Firefox\Profiles\a5frw0pj.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [send.to.picturerelate@walthelm.net] - C:\Program Files (x86)\PictureRelate\SendToPictureRelate
FF Extension: SendToPictureRelate - C:\Program Files (x86)\PictureRelate\SendToPictureRelate [2014-12-21]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-12-22]

Chrome:
=======
CHR Profile: C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-21]
CHR Extension: (Google Docs) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-21]
CHR Extension: (Google Drive) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-21]
CHR Extension: (YouTube) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-21]
CHR Extension: (Google Search) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-21]
CHR Extension: (Kaspersky Protection) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-21]
CHR Extension: (Google Sheets) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-21]
CHR Extension: (Citavi Picker) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2015-02-25]
CHR Extension: (Gmail) - C:\Users\crocuz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-21]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-31] (Intel Corporation)
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\InstallerService.exe [125288 2013-09-20] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-10] (Disc Soft Ltd)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 19:48 - 2015-04-14 19:48 - 00000000 ____D () C:\Users\crocuz\Downloads\FRST-OlderVersion
2015-04-14 19:41 - 2015-04-14 19:41 - 00000625 _____ () C:\Users\admin\Desktop\JRT.txt
2015-04-14 18:54 - 2015-04-14 18:54 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CROCUZ-PC-Windows-7-Professional-(64-bit).dat
2015-04-14 18:54 - 2015-04-14 18:54 - 00000000 ____D () C:\RegBackup
2015-04-14 18:52 - 2015-04-14 18:52 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-14 18:52 - 2015-04-14 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-14 18:52 - 2015-04-14 18:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-14 18:52 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 18:52 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-14 18:45 - 2015-04-14 18:45 - 02687136 _____ (Thisisu) C:\Users\crocuz\Downloads\JRT(1).exe
2015-04-14 18:44 - 2015-04-14 18:45 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\crocuz\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-14 18:44 - 2015-04-14 18:45 - 02217984 _____ () C:\Users\crocuz\Downloads\AdwCleaner_4.201.exe
2015-04-14 17:50 - 2015-04-14 17:50 - 00000000 ___SD () C:\Users\crocuz\Documents\Meine Datenquellen
2015-04-14 17:06 - 2015-04-14 17:07 - 07969808 _____ (TeamViewer GmbH) C:\Users\crocuz\Downloads\TeamViewer_Setup_de(2).exe
2015-04-14 17:06 - 2015-04-14 17:06 - 07969808 _____ (TeamViewer GmbH) C:\Users\crocuz\Downloads\TeamViewer_Setup_de(1).exe
2015-04-13 19:13 - 2015-04-13 19:13 - 00000000 ____D () C:\Users\testuser\AppData\Roaming\Macromedia
2015-04-13 19:11 - 2015-04-13 19:11 - 00000000 ____D () C:\Users\testuser\AppData\Roaming\Mozilla
2015-04-13 19:09 - 2015-04-13 19:09 - 00029038 _____ () C:\ComboFix.txt
2015-04-13 19:05 - 2015-04-13 19:05 - 00000000 ____D () 
C:\Users\testuser\AppData\Roaming\PC Suite 2015-04-13 14:08 - 2015-04-13 14:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\crocuz\Downloads\tdsskiller(3).exe 2015-04-13 14:06 - 2015-04-14 18:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-13 14:06 - 2015-04-13 14:18 - 00000000 ____D () C:\Users\admin\Desktop\mbar 2015-04-13 14:06 - 2015-04-13 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-04-13 14:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-13 14:05 - 2015-04-13 14:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\crocuz\Downloads\mbar-1.09.1.1004.exe 2015-04-11 13:17 - 2015-04-11 13:33 - 00000000 ____D () C:\Users\testuser\AppData\Roaming\Swiss Academic Software 2015-04-11 13:15 - 2015-04-11 13:18 - 00000000 ____D () C:\Users\testuser\AppData\Roaming\Adobe 2015-04-11 13:14 - 2015-04-11 13:14 - 00000020 ___SH () C:\Users\testuser\ntuser.ini 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Vorlagen 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Startmenü 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Netzwerkumgebung 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Lokale Einstellungen 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Eigene Dateien 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Druckumgebung 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Anwendungsdaten 2015-04-10 17:00 - 2015-04-10 17:00 - 00380416 _____ () C:\Users\crocuz\Downloads\Gmer-19357.exe 2015-04-10 17:00 - 2015-04-10 17:00 - 00000472 _____ () C:\Users\crocuz\Downloads\defogger_disable.log 2015-04-10 17:00 - 2015-04-10 17:00 - 00000000 _____ () C:\Users\admin\defogger_reenable 2015-04-10 16:58 - 2015-04-10 16:58 - 00050477 _____ () 
C:\Users\crocuz\Downloads\Defogger.exe 2015-04-10 16:28 - 2015-04-10 16:28 - 00000118 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-04-09 12:54 - 2015-04-09 12:54 - 00015871 _____ () C:\Users\crocuz\Desktop\Ziegler1.xltx 2015-04-08 18:34 - 2015-04-08 18:34 - 00000401 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-04-08 18:28 - 2015-04-13 16:41 - 00001524 _____ () C:\Windows\system32\TeamViewer10_Hooks.log 2015-04-08 18:21 - 2015-04-10 16:28 - 00000000 ____D () C:\Intel 2015-04-08 18:21 - 2015-04-08 18:21 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-04-08 00:20 - 2015-04-13 16:42 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-04-08 00:20 - 2015-04-08 00:20 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-04-08 00:20 - 2015-04-08 00:20 - 00001047 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-04-08 00:20 - 2015-04-08 00:20 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TeamViewer 2015-04-08 00:20 - 2015-01-20 11:45 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys 2015-04-07 19:04 - 2015-04-07 19:36 - 00001597 _____ () C:\Users\crocuz\Desktop\Google Drive.lnk 2015-04-07 19:04 - 2015-04-07 19:35 - 00000000 ___RD () C:\Users\crocuz\Google Drive 2015-04-07 19:03 - 2015-04-07 19:03 - 00002054 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2015-04-07 19:03 - 2015-04-07 19:03 - 00002052 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-04-07 19:03 - 2015-04-07 19:03 - 00002042 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-04-07 19:03 - 2015-04-07 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-04-07 19:02 - 2015-04-07 19:02 - 00880208 _____ (Google Inc.) 
C:\Users\crocuz\Downloads\googledrivesync.exe 2015-04-05 03:00 - 2015-04-07 08:47 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 21:58 - 2015-04-04 21:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-04 15:00 - 2015-04-04 15:00 - 00001965 _____ () C:\Users\crocuz\AppData\Local\recently-used.xbel 2015-04-04 14:20 - 2015-04-04 14:20 - 00000000 ___HD () C:\Users\crocuz\Desktop\.picasaoriginals 2015-04-03 15:56 - 2015-04-03 15:56 - 00000907 _____ () C:\Users\Public\Desktop\Inkscape 0.91.lnk 2015-04-03 15:56 - 2015-04-03 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91 2015-04-03 15:56 - 2015-04-03 15:56 - 00000000 ____D () C:\Program Files\Inkscape 2015-04-03 15:48 - 2015-04-03 15:50 - 97868152 _____ () C:\Users\crocuz\Downloads\inkscape-0.91-x64.msi 2015-04-03 15:46 - 2015-04-03 15:46 - 00040059 _____ () C:\Users\crocuz\Desktop\logo_aktuell_argb_final_illu_neu_srgb2_gerader daumen_ohne kontur.svg 2015-03-31 19:02 - 2015-03-31 19:02 - 24802928 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 06067760 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 04782296 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 02813952 _____ () C:\Windows\system32\iglhxa64.cpa 2015-03-31 19:02 - 2015-03-31 19:02 - 02024960 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01402336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01399240 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01369088 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01063936 _____ (Intel Corporation) 
C:\Windows\SysWOW64\igfxcmjit32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00695808 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00623616 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00403671 _____ () C:\Windows\system32\ImageStabilization.wmv 2015-03-31 19:02 - 2015-03-31 19:02 - 00392592 _____ () C:\Windows\system32\igfxTray.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00385024 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00344976 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00314256 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00278528 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00255488 _____ () C:\Windows\system32\igfxCPL.cpl 2015-03-31 19:02 - 2015-03-31 19:02 - 00249232 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00229888 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00220432 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00218512 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00213504 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00211656 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00184352 _____ (Intel 
Corporation) C:\Windows\SysWOW64\iglhcp32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4156.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00178672 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00178176 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00086528 _____ () C:\Windows\system32\igfxCUIServicePS.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00059904 _____ ( ) C:\Windows\system32\igfxDHLib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00044025 _____ () C:\Windows\system32\iglhxo64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043816 _____ () C:\Windows\system32\iglhxc64_dev.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043494 _____ () C:\Windows\system32\iglhxc64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043298 _____ () C:\Windows\system32\iglhxg64_dev.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043256 _____ () C:\Windows\system32\iglhxg64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00042079 _____ () C:\Windows\system32\iglhxo64_dev.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00036616 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00035328 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010240 _____ ( ) 
C:\Windows\system32\igfxEMLib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00004016 _____ () C:\Windows\system32\iglhxs64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00001125 _____ () C:\Windows\system32\iglhxa64.vp 2015-03-31 19:01 - 2015-03-31 19:01 - 24003648 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 17761872 _____ () C:\Windows\system32\igd11dxva64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 17285440 _____ () C:\Windows\SysWOW64\igd11dxva32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 15982080 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 10853888 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 09396160 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 08605632 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 06021437 _____ () C:\Windows\system32\igdclbif.bin 2015-03-31 19:01 - 2015-03-31 19:01 - 04877240 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys 2015-03-31 19:01 - 2015-03-31 19:01 - 03550208 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 03320320 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00636016 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00515488 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00398848 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00350208 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 
00282696 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00263120 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00227328 _____ () C:\Windows\system32\igdde64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00187392 _____ () C:\Windows\SysWOW64\igdde32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00169984 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00152064 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 09504256 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 07484416 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 01029008 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 01025936 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00641530 _____ () C:\Windows\system32\FilmModeDetection.wmv 2015-03-31 19:00 - 2015-03-31 19:00 - 00448912 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00375173 _____ () C:\Windows\system32\ColorImageEnhancement.wmv 2015-03-31 19:00 - 2015-03-31 19:00 - 00339344 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00157072 _____ (Intel Corporation) C:\Windows\system32\difx64.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll 2015-03-27 18:13 - 2015-03-27 18:13 - 00595145 _____ (GBOOKSDOWNLOADER.COM ) C:\Users\crocuz\Downloads\gbooks_latest.exe 2015-03-27 18:10 - 2015-03-27 18:13 - 00001116 
_____ () C:\Users\Public\Desktop\Google Books Downloader.lnk 2015-03-27 18:10 - 2015-03-27 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader 2015-03-27 18:10 - 2015-03-27 18:13 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader 2015-03-27 18:10 - 2015-03-27 18:10 - 00657781 _____ (GBOOKSDOWNLOADER.COM ) C:\Users\crocuz\Downloads\google-book-downloader_19557.exe 2015-03-27 13:46 - 2015-04-03 21:04 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 15621448 _____ (Ventis Media Inc. ) C:\Users\crocuz\Downloads\MediaMonkey_4.1.6.1736.exe 2015-03-27 13:46 - 2015-03-27 13:46 - 00001059 _____ () C:\Users\Public\Desktop\MediaMonkey.lnk 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\Users\crocuz\AppData\Local\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\ProgramData\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey 2015-03-25 20:48 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 20:48 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 20:48 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 20:48 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 20:48 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 20:48 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-03-25 20:48 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) 
C:\Windows\system32\acmigration.dll 2015-03-25 20:48 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-24 14:52 - 2015-04-14 19:17 - 00007944 _____ () C:\Windows\PFRO.log 2015-03-22 16:52 - 2015-03-22 16:52 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2015-03-22 16:52 - 2015-03-22 16:52 - 00000848 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2015-03-22 16:52 - 2015-03-22 16:52 - 00000000 ____D () C:\Users\crocuz\AppData\Local\PDFCreator 2015-03-22 16:52 - 2015-03-22 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-03-22 16:52 - 2015-03-22 16:52 - 00000000 ____D () C:\Program Files\PDFCreator 2015-03-22 16:50 - 2015-03-22 16:50 - 27834848 _____ (pdfforge ) C:\Users\crocuz\Downloads\PDFCreator-2_1_0-setup.exe 2015-03-22 16:13 - 2015-03-22 16:13 - 06305280 _____ () C:\Users\crocuz\Downloads\Word2007RedactionTool(1).exe 2015-03-22 16:11 - 2015-03-22 16:15 - 00000000 ____D () C:\Users\admin\AppData\Local\Deployment 2015-03-22 16:11 - 2015-03-22 16:11 - 00000000 ____D () C:\Users\admin\AppData\Local\Apps\2.0 2015-03-22 16:10 - 2015-03-22 16:10 - 06305280 _____ () C:\Users\crocuz\Downloads\Word2007RedactionTool.exe 2015-03-22 00:05 - 2015-03-22 00:05 - 00000000 ____D () C:\Windows\Minidump 2015-03-19 22:38 - 2015-03-19 22:38 - 00002170 _____ () C:\Users\Public\Desktop\Style Builder 2015.lnk 2015-03-19 22:38 - 2015-03-19 22:38 - 00002084 _____ () C:\Users\Public\Desktop\LayOut 2015.lnk 2015-03-19 22:38 - 2015-03-19 22:38 - 00001999 _____ () C:\Users\Public\Desktop\SketchUp 2015.lnk 2015-03-19 22:38 - 2015-03-19 22:38 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\SketchUp 2015-03-19 22:38 - 2015-03-19 22:38 - 00000000 ____D () C:\ProgramData\Reprise 2015-03-19 22:38 - 2015-03-19 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015 2015-03-19 22:37 - 2015-03-19 22:37 - 00000000 ____D () C:\ProgramData\SketchUp 
2015-03-19 22:37 - 2015-03-19 22:37 - 00000000 ____D () C:\Program Files\SketchUp
2015-03-19 22:34 - 2015-03-19 22:37 - 119538880 _____ (Trimble Navigation Limited) C:\Users\crocuz\Downloads\SketchUpMake153-de-x64.exe
2015-03-19 22:21 - 2015-03-19 22:28 - 321350968 _____ () C:\Users\crocuz\Downloads\Desjet3D-V110-4144-64bit.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 19:48 - 2015-03-04 20:43 - 00020205 _____ () C:\Users\crocuz\Downloads\FRST.txt
2015-04-14 19:48 - 2015-03-04 20:43 - 00000000 ____D () C:\FRST
2015-04-14 19:48 - 2015-03-04 18:21 - 02096640 _____ (Farbar) C:\Users\crocuz\Downloads\FRST64.exe
2015-04-14 19:27 - 2015-03-04 19:00 - 02060664 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 19:26 - 2014-12-21 19:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 19:25 - 2014-10-03 18:49 - 00011824 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 19:25 - 2014-10-03 18:49 - 00011824 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 19:23 - 2013-01-22 05:17 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-04-14 19:18 - 2014-12-21 19:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 19:18 - 2013-01-22 03:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-14 19:17 - 2015-03-12 04:31 - 00006104 _____ () C:\Windows\setupact.log
2015-04-14 19:17 - 2014-12-30 01:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 19:17 - 2014-10-03 18:50 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 19:16 - 2015-03-04 19:54 - 00000000 ____D () C:\AdwCleaner
2015-04-14 18:53 - 2014-12-12 23:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 17:25 - 2015-03-02 18:03 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\TeamViewer
2015-04-13 19:09 - 2015-03-04 18:27 - 00000000 ____D () C:\Qoobox
2015-04-13 19:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-13 19:08 - 2015-03-04 18:27 - 00000000 ____D () C:\Windows\erdnt
2015-04-13 19:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-13 18:24 - 2015-03-04 19:02 - 05617275 ____R (Swearware) C:\Users\crocuz\Desktop\ComboFix.exe
2015-04-13 18:22 - 2015-03-04 18:27 - 05617275 ____R (Swearware) C:\Users\crocuz\Downloads\ComboFix.exe
2015-04-13 17:11 - 2014-10-03 18:50 - 00709900 _____ () C:\Windows\system32\perfh007.dat
2015-04-13 17:11 - 2014-10-03 18:50 - 00154336 _____ () C:\Windows\system32\perfc007.dat
2015-04-13 17:11 - 2014-10-03 18:49 - 01649556 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 16:44 - 2014-12-06 17:31 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Dropbox
2015-04-13 14:06 - 2015-03-04 19:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 13:13 - 2013-02-17 22:30 - 00109280 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-10 17:03 - 2013-01-22 12:39 - 00000000 ____D () C:\Users\admin
2015-04-10 16:54 - 2014-12-06 17:34 - 00001033 _____ () C:\Users\crocuz\Desktop\Dropbox.lnk
2015-04-10 16:54 - 2014-12-06 17:18 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-09 22:16 - 2015-01-02 16:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-08 18:34 - 2013-01-11 20:21 - 00000000 ____D () C:\Users\crocuz
2015-04-08 18:21 - 2014-12-30 06:25 - 00000000 ____D () C:\Program Files\Intel
2015-04-08 16:37 - 2014-10-03 18:49 - 00109280 _____ () C:\Users\crocuz\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 14:28 - 2014-10-03 18:49 - 00409912 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 00:35 - 2013-01-31 13:07 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\foobar2000
2015-04-07 21:42 - 2014-11-25 19:00 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Skype
2015-04-07 19:03 - 2014-12-21 17:52 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2015-04-07 19:03 - 2013-01-22 04:32 - 00000000 ____D () C:\Users\crocuz\AppData\Local\Google
2015-04-07 19:03 - 2013-01-22 04:32 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-07 15:59 - 2013-01-22 03:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 08:25 - 2014-12-22 15:47 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Swiss Academic Software
2015-04-03 20:07 - 2013-01-22 05:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-03 19:28 - 2014-12-21 19:05 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 18:11 - 2013-12-08 17:05 - 00000000 ____D () C:\Users\crocuz\Documents\Citavi 4
2015-04-02 14:39 - 2015-01-19 17:18 - 00000000 ____D () C:\Users\crocuz\AppData\Local\CutePDF Writer
2015-04-01 03:03 - 2013-02-17 22:23 - 01622900 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-31 19:02 - 2014-12-30 00:59 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-31 19:02 - 2014-12-30 00:59 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-27 14:04 - 2014-11-15 23:50 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\vlc
2015-03-26 13:03 - 2014-12-21 18:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 13:03 - 2014-12-21 18:29 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-19 22:39 - 2014-12-31 18:38 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\NVIDIA
2015-03-17 09:18 - 2014-01-13 23:52 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2014-12-21 18:55 - 2014-12-22 01:10 - 0003584 _____ () C:\Users\crocuz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-17 23:13 - 2013-02-17 23:13 - 0000094 _____ () C:\Users\crocuz\AppData\Local\fusioncache.dat
2015-04-04 15:00 - 2015-04-04 15:00 - 0001965 _____ () C:\Users\crocuz\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\temp\Quarantine.exe
C:\Users\admin\AppData\Local\temp\sfamcc00001.dll
C:\Users\admin\AppData\Local\temp\sfareca00001.dll
C:\Users\admin\AppData\Local\temp\sqlite3.dll
C:\Users\crocuz\AppData\Local\temp\NOSEventMessages.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- --- --- --- ---

plus Addition.txt (if needed):

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by crocuz at 2015-04-14 19:48:53
Running from C:\Users\crocuz\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Aureon 5.1 PCI (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden
Bluefish 2.0.0-1 (HKLM-x32\...\Bluefish) (Version: 2.0.0-1 - The Bluefish Developers)
burnatonce (HKLM-x32\...\burnatonce_is1) (Version: - )
calibre (HKLM-x32\...\{8FAFEF8C-295D-4D71-95FC-91D9B7D75F3E}) (Version: 2.13.0 - Kovid Goyal)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
CCleaner
(HKLM\...\CCleaner) (Version: 3.26 - Piriform) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Dropbox (HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.) Dual Monitor 1.22 (HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu) DVDFab 9.1.8.1 (24/12/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) DVDFab Passkey 8.2.2.9 (28/11/2014) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version: - Fengtao Software Inc.) Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff) foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski) Google Books Downloader version 2.5 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.5 - GBOOKSDOWNLOADER.COM) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.) HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - ) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Pro Photo Tools (HKLM-x32\...\{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}) (Version: 2.2 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 de)) (Version: 12.0.1 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3 - MusicBrainz)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureRelate (HKLM-x32\...\picture-relate@walthelm.net) (Version: 2.6.4 D - Axel Walthelm)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
Scribus 1.4.4 (64bit) (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{A83795B9-570F-40FF-ACB4-710B568EBA22}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.106 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TimeComX Basic (64-Bit) (HKLM-x32\...\TimeComX Basic 64-Bit) (Version: 1.3.2.7 - Bitdreamers)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2859920938-3614251155-1635578748-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\crocuz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-13 19:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>

==================== Loaded Modules (whitelisted) ==============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\crocuz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: CmPCIaudio => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DVDFab Passkey => "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

==================== Accounts: =============================

admin (S-1-5-21-2859920938-3614251155-1635578748-1004 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2859920938-3614251155-1635578748-500 - Administrator - Enabled) => C:\Users\Administrator.crocuz-PC
ASPNET (S-1-5-21-2859920938-3614251155-1635578748-1006 - Limited - Enabled)
crocuz (S-1-5-21-2859920938-3614251155-1635578748-1000 - Limited - Enabled) => C:\Users\crocuz
Gast (S-1-5-21-2859920938-3614251155-1635578748-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2859920938-3614251155-1635578748-1002 - Limited - Enabled)
testuser (S-1-5-21-2859920938-3614251155-1635578748-1009 - Limited - Enabled) => C:\Users\testuser

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 31%
Total physical RAM: 7842.27 MB
Available physical RAM: 5389.16 MB
Total Pagefile: 8864.45 MB
Available Pagefile: 5922.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Win7x64_Work) (Fixed) (Total:78.12 GB) (Free:8.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:0.28 GB) (Free:0.27 GB) FAT32
Drive x: (media_stuff) (Fixed) (Total:931.51 GB) (Free:126.35 GB) NTFS
Drive z: (personals) (Fixed) (Total:292.97 GB) (Free:61.23 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================ |
15.04.2015, 14:05 | #13 |
/// the machine /// TB trainer | Windows 7 - Possible hijacking/Trojan infection after careless download
Our tools always need admin rights.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
18.04.2015, 23:16 | #14 |
| Windows 7 - Possible hijacking/Trojan infection after careless download
Here is the ESET log (the files found are all PUPs; I had it scan for those as well):

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCTLVEZ1\SUChecker[1].exe Variante von Win32/Adware.PicColor.Z Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\admin\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\crocuz\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko\30.10_0\background\ChromeUtilPlugin.dll Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\crocuz\Downloads\CuteWriter_v3.0.0.8.exe Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\crocuz\Downloads\PDFCreator-2_1_0-setup.exe Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
Z:\DATA\Treiber\MSI_K9APlatinum\K9APlatinum_Treiber_01-12_win7_x64\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert

Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (37.0.1)
Mozilla Thunderbird 12.0.1 Thunderbird out of Date!
Google Chrome (41.0.2272.118)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 15.0.1 avp.exe
Kaspersky Lab Kaspersky Internet Security 15.0.1 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

And here is the FRST log as well: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by admin (administrator) on CROCUZ-PC on 18-04-2015 23:55:15
Running from Z:\Dropbox\Virenscan
Loaded Profiles: crocuz & admin (Available profiles: crocuz & admin & testuser & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Mozilla Messaging) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Almico Software (Almico's Home Page)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
() C:\Users\crocuz\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Run: [dualmonitor] => [X]
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\...\MountPoints2: {f9c13ab5-647d-11e2-a49a-806e6f6e6963} - F:\Astart.exe
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-2859920938-3614251155-1635578748-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\gb8hs0xx.default
FF Homepage: about:home|hxxp://www.giga.de/androidnews/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [send.to.picturerelate@walthelm.net] - C:\Program Files (x86)\PictureRelate\SendToPictureRelate
FF Extension: SendToPictureRelate - C:\Program Files (x86)\PictureRelate\SendToPictureRelate [2014-12-21]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-12-22]

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]
CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-22]
CHR Extension: (Google Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR Extension: (Citavi Picker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2015-03-22]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKU\S-1-5-21-2859920938-3614251155-1635578748-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-31] (Intel Corporation)
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{0C808377-8C23-44ED-9016-05F42E6D4900}\Installer\InstallerService.exe [125288 2013-09-20] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-10] (Disc Soft Ltd)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 00:50 - 2015-04-17 04:55 - 00019145 _____ () C:\Users\crocuz\Desktop\ZieglerRechnungsmappe.xlsm
2015-04-17 00:50 - 2015-04-17 00:50 - 00012070 _____ () C:\Users\crocuz\Desktop\ZieglerRechnungsmappe.xlsx
2015-04-17 00:12 - 2015-04-17 00:12 - 00016594 _____ () C:\Users\crocuz\Downloads\Sicherungskopie von Bewerbung Arxhof.wbk
2015-04-16 22:00 - 2015-04-16 22:01 - 00852616 _____ () C:\Users\crocuz\Downloads\SecurityCheck.exe
2015-04-16 22:00 - 2015-04-16 22:00 - 02347384 _____ (ESET) C:\Users\crocuz\Downloads\esetsmartinstaller_deu.exe
2015-04-16 10:25 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 10:25 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 10:25 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 10:25 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 10:25 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 10:25 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 10:25 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 10:25 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 10:25 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 10:25 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 10:25 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 10:25 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-16 10:25 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-16 10:25 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-16 10:25 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-16 10:25 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-16 10:25 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 10:25 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 10:25 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 10:25 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 10:25 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 10:25 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 10:25 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 10:25 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 10:25 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 10:25 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 10:25 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 10:25 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 10:25 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 10:25 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 10:25 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 10:25 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 10:25 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 10:25 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 10:25 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-16 10:25 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 10:25 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 10:25 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 10:25 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 10:25 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 10:25 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 10:25 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-16 10:25 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 10:25 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-16 10:25 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 10:25 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-16 10:25 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 10:25 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-16 10:25 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-16 10:25 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 10:25 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-16 10:25 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 10:25 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-16 10:25 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-16 10:25 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 10:25 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-16 10:25 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 10:25 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-16 10:25 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 10:25 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 10:25 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 10:25 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 10:25 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 10:25 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 10:25 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 10:25 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-16 10:25 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 10:25 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 10:24 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 10:24 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-16 10:24 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 10:24 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 10:24 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 10:24 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 10:24 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 10:24 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 10:24 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 10:24 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 10:24 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 10:24 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 10:24 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 10:24 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 10:24 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 10:24 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 10:24 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 10:24 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 10:24 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 10:24 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 10:24 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-16 10:24 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 10:24 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 10:24 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 10:24 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-16 10:24 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-16 10:24 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 10:24 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-16 10:24 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 10:24 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-16 10:24 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 10:24 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 10:24 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-16 10:24 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-16 10:24 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-16 10:24 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-16 10:24 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-16 10:24 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 10:24 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 10:24 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-16 10:24 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 10:24 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 10:24 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-16 10:24 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 10:24 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-16 10:24 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-16 10:24 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-16 10:24 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 10:24 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 10:24 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 10:24 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-16 10:24 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-16 10:24 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 10:24 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 10:24 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 10:24 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 10:24 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 10:24 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-16 10:24 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 10:23 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 10:23 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 10:23 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 19:48 - 2015-04-14 19:48 - 00000000 ____D () C:\Users\crocuz\Downloads\FRST-OlderVersion
2015-04-14 19:41 - 2015-04-14 19:41 - 00000625 _____ () C:\Users\admin\Desktop\JRT.txt
2015-04-14 18:54 - 2015-04-14 18:54 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CROCUZ-PC-Windows-7-Professional-(64-bit).dat
2015-04-14 18:54 - 2015-04-14 18:54 - 00000000 ____D () C:\RegBackup
2015-04-14 18:52 - 2015-04-14 18:52 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-14 18:52 - 2015-04-14 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-14 18:52 - 2015-04-14 18:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-14 18:52 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 18:52 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-14 18:45 - 2015-04-14 18:45 - 02687136 _____ (Thisisu) C:\Users\crocuz\Downloads\JRT(1).exe
2015-04-14 18:44 - 2015-04-14 18:45 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\crocuz\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-14 18:44 - 2015-04-14 18:45 - 02217984 _____ () C:\Users\crocuz\Downloads\AdwCleaner_4.201.exe
2015-04-14 17:50 - 2015-04-14 17:50 - 00000000 ___SD () C:\Users\crocuz\Documents\Meine Datenquellen
2015-04-14 17:06 - 2015-04-14 17:07 - 07969808 _____ (TeamViewer GmbH) C:\Users\crocuz\Downloads\TeamViewer_Setup_de(2).exe
2015-04-14 17:06 - 2015-04-14 17:06 - 07969808 _____ (TeamViewer GmbH) C:\Users\crocuz\Downloads\TeamViewer_Setup_de(1).exe
2015-04-13 19:13 - 2015-04-13 19:13 - 00000000 ____D () C:\Users\testuser\AppData\Roaming\Macromedia
2015-04-13 19:13 - 2015-04-13 19:13 - 00000000 ____D () C:\Users\testuser\AppData\Local\Macromedia
2015-04-13 19:11 - 2015-04-13 19:11 - 00000000 ____D () C:\Users\testuser\AppData\Roaming\Mozilla
2015-04-13 19:11 - 2015-04-13 19:11 - 00000000 ____D () C:\Users\testuser\AppData\Local\Mozilla
2015-04-13 19:09 - 2015-04-13 19:09 - 00029038 _____ () C:\ComboFix.txt
2015-04-13 19:05 - 2015-04-13 19:05 - 00000000 ____D () C:\Users\testuser\AppData\Roaming\PC Suite
2015-04-13 14:08 - 2015-04-13 14:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\crocuz\Downloads\tdsskiller(3).exe
2015-04-13 14:06 - 2015-04-14 18:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 14:06 - 2015-04-13 14:18 - 00000000 ____D () C:\Users\admin\Desktop\mbar
2015-04-13 14:06 - 2015-04-13 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-04-13 14:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-13 14:05 - 2015-04-13 14:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\crocuz\Downloads\mbar-1.09.1.1004.exe 2015-04-11 13:18 - 2015-04-11 13:18 - 00000000 ____D () C:\Users\testuser\AppData\Local\Adobe 2015-04-11 13:17 - 2015-04-11 13:33 - 00000000 ____D () C:\Users\testuser\AppData\Roaming\Swiss Academic Software 2015-04-11 13:17 - 2015-04-11 13:17 - 00000000 ____D () C:\Users\testuser\Documents\Citavi 4 2015-04-11 13:16 - 2015-04-11 13:16 - 00109280 _____ () C:\Users\testuser\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-11 13:16 - 2015-04-11 13:16 - 00000000 ____D () C:\Users\testuser\AppData\Local\NVIDIA Corporation 2015-04-11 13:15 - 2015-04-11 13:18 - 00000000 ____D () C:\Users\testuser\AppData\Roaming\Adobe 2015-04-11 13:15 - 2015-04-11 13:15 - 00002346 _____ () C:\Users\testuser\Desktop\Sicherer Zahlungsverkehr.lnk 2015-04-11 13:15 - 2015-04-11 13:15 - 00001437 _____ () C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-11 13:15 - 2015-04-11 13:15 - 00000000 ____D () C:\Users\testuser\AppData\Local\NVIDIA 2015-04-11 13:14 - 2015-04-11 13:15 - 00000000 ____D () C:\Users\testuser\AppData\Local\Google 2015-04-11 13:14 - 2015-04-11 13:14 - 00000020 ___SH () C:\Users\testuser\ntuser.ini 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Vorlagen 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Startmenü 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Netzwerkumgebung 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Lokale Einstellungen 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Eigene Dateien 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL 
() C:\Users\testuser\Druckumgebung 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Documents\Eigene Musik 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Documents\Eigene Bilder 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\AppData\Local\Verlauf 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\AppData\Local\Anwendungsdaten 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 _SHDL () C:\Users\testuser\Anwendungsdaten 2015-04-11 13:14 - 2015-04-11 13:14 - 00000000 ____D () C:\Users\testuser\AppData\Local\VirtualStore 2015-04-11 13:14 - 2014-11-10 23:39 - 00000000 ____D () C:\Users\testuser\AppData\Local\Microsoft Help 2015-04-11 13:14 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-11 13:14 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-04-10 17:00 - 2015-04-10 17:00 - 00380416 _____ () C:\Users\crocuz\Downloads\Gmer-19357.exe 2015-04-10 17:00 - 2015-04-10 17:00 - 00000472 _____ () C:\Users\crocuz\Downloads\defogger_disable.log 2015-04-10 17:00 - 2015-04-10 17:00 - 00000000 _____ () C:\Users\admin\defogger_reenable 2015-04-10 16:58 - 2015-04-10 16:58 - 00050477 _____ () C:\Users\crocuz\Downloads\Defogger.exe 2015-04-10 16:28 - 2015-04-10 16:28 - 00000118 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-04-09 12:54 - 2015-04-09 12:54 - 00015871 _____ () C:\Users\crocuz\Desktop\Ziegler1.xltx 2015-04-08 18:34 - 2015-04-08 18:34 - 00000401 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-04-08 18:28 - 2015-04-18 13:40 - 00002032 _____ () C:\Windows\system32\TeamViewer10_Hooks.log 2015-04-08 18:21 - 2015-04-10 16:28 - 00000000 
____D () C:\Intel 2015-04-08 18:21 - 2015-04-08 18:21 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-04-08 00:20 - 2015-04-18 13:41 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-04-08 00:20 - 2015-04-08 00:20 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-04-08 00:20 - 2015-04-08 00:20 - 00001047 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-04-08 00:20 - 2015-04-08 00:20 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TeamViewer 2015-04-08 00:20 - 2015-01-20 11:45 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys 2015-04-07 19:04 - 2015-04-07 19:36 - 00001597 _____ () C:\Users\crocuz\Desktop\Google Drive.lnk 2015-04-07 19:04 - 2015-04-07 19:35 - 00000000 ___RD () C:\Users\crocuz\Google Drive 2015-04-07 19:03 - 2015-04-07 19:03 - 00002054 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2015-04-07 19:03 - 2015-04-07 19:03 - 00002052 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-04-07 19:03 - 2015-04-07 19:03 - 00002042 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-04-07 19:03 - 2015-04-07 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-04-07 19:02 - 2015-04-07 19:02 - 00880208 _____ (Google Inc.) 
C:\Users\crocuz\Downloads\googledrivesync.exe 2015-04-05 03:00 - 2015-04-07 08:47 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 21:58 - 2015-04-04 21:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-04 15:00 - 2015-04-04 15:00 - 00001965 _____ () C:\Users\crocuz\AppData\Local\recently-used.xbel 2015-04-04 14:20 - 2015-04-04 14:20 - 00000000 ___HD () C:\Users\crocuz\Desktop\.picasaoriginals 2015-04-03 15:56 - 2015-04-03 15:56 - 00000907 _____ () C:\Users\Public\Desktop\Inkscape 0.91.lnk 2015-04-03 15:56 - 2015-04-03 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91 2015-04-03 15:56 - 2015-04-03 15:56 - 00000000 ____D () C:\Program Files\Inkscape 2015-04-03 15:48 - 2015-04-03 15:50 - 97868152 _____ () C:\Users\crocuz\Downloads\inkscape-0.91-x64.msi 2015-04-03 15:46 - 2015-04-03 15:46 - 00040059 _____ () C:\Users\crocuz\Desktop\logo_aktuell_argb_final_illu_neu_srgb2_gerader daumen_ohne kontur.svg 2015-03-31 19:02 - 2015-03-31 19:02 - 24802928 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 06067760 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 04782296 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 02813952 _____ () C:\Windows\system32\iglhxa64.cpa 2015-03-31 19:02 - 2015-03-31 19:02 - 02024960 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01402336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01399240 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01369088 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 01063936 _____ (Intel Corporation) 
C:\Windows\SysWOW64\igfxcmjit32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00695808 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00623616 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00403671 _____ () C:\Windows\system32\ImageStabilization.wmv 2015-03-31 19:02 - 2015-03-31 19:02 - 00392592 _____ () C:\Windows\system32\igfxTray.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00385024 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00344976 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00314256 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00278528 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00255488 _____ () C:\Windows\system32\igfxCPL.cpl 2015-03-31 19:02 - 2015-03-31 19:02 - 00249232 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00229888 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00220432 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00218512 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe 2015-03-31 19:02 - 2015-03-31 19:02 - 00213504 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00211656 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00184352 _____ (Intel 
Corporation) C:\Windows\SysWOW64\iglhcp32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4156.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00178672 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00178176 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00086528 _____ () C:\Windows\system32\igfxCUIServicePS.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00059904 _____ ( ) C:\Windows\system32\igfxDHLib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00044025 _____ () C:\Windows\system32\iglhxo64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043816 _____ () C:\Windows\system32\iglhxc64_dev.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043494 _____ () C:\Windows\system32\iglhxc64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043298 _____ () C:\Windows\system32\iglhxg64_dev.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00043256 _____ () C:\Windows\system32\iglhxg64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00042079 _____ () C:\Windows\system32\iglhxo64_dev.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00036616 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00035328 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00010240 _____ ( ) 
C:\Windows\system32\igfxEMLib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll 2015-03-31 19:02 - 2015-03-31 19:02 - 00004016 _____ () C:\Windows\system32\iglhxs64.vp 2015-03-31 19:02 - 2015-03-31 19:02 - 00001125 _____ () C:\Windows\system32\iglhxa64.vp 2015-03-31 19:01 - 2015-03-31 19:01 - 24003648 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 17761872 _____ () C:\Windows\system32\igd11dxva64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 17285440 _____ () C:\Windows\SysWOW64\igd11dxva32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 15982080 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 10853888 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 09396160 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 08605632 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 06021437 _____ () C:\Windows\system32\igdclbif.bin 2015-03-31 19:01 - 2015-03-31 19:01 - 04877240 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys 2015-03-31 19:01 - 2015-03-31 19:01 - 03550208 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 03320320 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00636016 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00515488 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00398848 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00350208 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 
00282696 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00263120 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00227328 _____ () C:\Windows\system32\igdde64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00187392 _____ () C:\Windows\SysWOW64\igdde32.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00169984 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll 2015-03-31 19:01 - 2015-03-31 19:01 - 00152064 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 09504256 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 07484416 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll 2015-03-31 19:00 - 2015-03-31 19:00 - 01029008 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 01025936 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00641530 _____ () C:\Windows\system32\FilmModeDetection.wmv 2015-03-31 19:00 - 2015-03-31 19:00 - 00448912 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00375173 _____ () C:\Windows\system32\ColorImageEnhancement.wmv 2015-03-31 19:00 - 2015-03-31 19:00 - 00339344 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00157072 _____ (Intel Corporation) C:\Windows\system32\difx64.exe 2015-03-31 19:00 - 2015-03-31 19:00 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll 2015-03-27 18:13 - 2015-03-27 18:13 - 00595145 _____ (GBOOKSDOWNLOADER.COM ) C:\Users\crocuz\Downloads\gbooks_latest.exe 2015-03-27 18:10 - 2015-03-27 18:13 - 00001116 
_____ () C:\Users\Public\Desktop\Google Books Downloader.lnk 2015-03-27 18:10 - 2015-03-27 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader 2015-03-27 18:10 - 2015-03-27 18:13 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader 2015-03-27 18:10 - 2015-03-27 18:10 - 00657781 _____ (GBOOKSDOWNLOADER.COM ) C:\Users\crocuz\Downloads\google-book-downloader_19557.exe 2015-03-27 13:46 - 2015-04-03 21:04 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 15621448 _____ (Ventis Media Inc. ) C:\Users\crocuz\Downloads\MediaMonkey_4.1.6.1736.exe 2015-03-27 13:46 - 2015-03-27 13:46 - 00001059 _____ () C:\Users\Public\Desktop\MediaMonkey.lnk 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\Users\crocuz\AppData\Local\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\ProgramData\MediaMonkey 2015-03-27 13:46 - 2015-03-27 13:46 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey 2015-03-24 14:52 - 2015-04-14 19:17 - 00007944 _____ () C:\Windows\PFRO.log 2015-03-22 16:52 - 2015-03-22 16:52 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2015-03-22 16:52 - 2015-03-22 16:52 - 00000848 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2015-03-22 16:52 - 2015-03-22 16:52 - 00000000 ____D () C:\Users\crocuz\AppData\Local\PDFCreator 2015-03-22 16:52 - 2015-03-22 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-03-22 16:52 - 2015-03-22 16:52 - 00000000 ____D () C:\Program Files\PDFCreator 2015-03-22 16:13 - 2015-03-22 16:13 - 06305280 _____ () C:\Users\crocuz\Downloads\Word2007RedactionTool(1).exe 2015-03-22 16:11 - 2015-03-22 16:15 - 00000000 ____D () 
C:\Users\admin\AppData\Local\Deployment 2015-03-22 16:11 - 2015-03-22 16:11 - 00000000 ____D () C:\Users\admin\AppData\Local\Apps\2.0 2015-03-22 16:10 - 2015-03-22 16:10 - 06305280 _____ () C:\Users\crocuz\Downloads\Word2007RedactionTool.exe 2015-03-22 00:05 - 2015-03-22 00:06 - 00385880 _____ () C:\Windows\Minidump\032115-18330-01.dmp 2015-03-22 00:05 - 2015-03-22 00:05 - 00000000 ____D () C:\Windows\Minidump 2015-03-19 22:38 - 2015-03-19 22:38 - 00002170 _____ () C:\Users\Public\Desktop\Style Builder 2015.lnk 2015-03-19 22:38 - 2015-03-19 22:38 - 00002084 _____ () C:\Users\Public\Desktop\LayOut 2015.lnk 2015-03-19 22:38 - 2015-03-19 22:38 - 00001999 _____ () C:\Users\Public\Desktop\SketchUp 2015.lnk 2015-03-19 22:38 - 2015-03-19 22:38 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\SketchUp 2015-03-19 22:38 - 2015-03-19 22:38 - 00000000 ____D () C:\ProgramData\Reprise 2015-03-19 22:38 - 2015-03-19 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015 2015-03-19 22:37 - 2015-03-19 22:37 - 00000000 ____D () C:\ProgramData\SketchUp 2015-03-19 22:37 - 2015-03-19 22:37 - 00000000 ____D () C:\Program Files\SketchUp 2015-03-19 22:34 - 2015-03-19 22:37 - 119538880 _____ (Trimble Navigation Limited) C:\Users\crocuz\Downloads\SketchUpMake153-de-x64.exe 2015-03-19 22:21 - 2015-03-19 22:28 - 321350968 _____ () C:\Users\crocuz\Downloads\Desjet3D-V110-4144-64bit.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-18 23:55 - 2015-03-04 20:43 - 00000000 ____D () C:\FRST 2015-04-18 23:53 - 2014-12-12 23:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-18 23:26 - 2014-12-21 19:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-18 22:09 - 2015-03-04 19:00 - 01130437 _____ () C:\Windows\WindowsUpdate.log 2015-04-18 22:09 - 2014-12-21 19:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-18 14:02 - 2013-01-31 13:07 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\foobar2000 2015-04-18 13:45 - 2013-01-22 05:17 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2015-04-18 13:40 - 2013-01-22 03:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-04-18 13:03 - 2014-10-03 18:49 - 00011824 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-18 13:03 - 2014-10-03 18:49 - 00011824 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-18 12:53 - 2015-03-12 04:31 - 00007224 _____ () C:\Windows\setupact.log 2015-04-18 12:53 - 2014-12-30 01:08 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-18 12:53 - 2014-10-03 18:50 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-17 18:38 - 2014-10-03 18:50 - 00709900 _____ () C:\Windows\system32\perfh007.dat 2015-04-17 18:38 - 2014-10-03 18:50 - 00154336 _____ () C:\Windows\system32\perfc007.dat 2015-04-17 18:38 - 2014-10-03 18:49 - 01649556 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-17 17:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-04-17 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2015-04-17 02:33 - 2013-01-22 05:11 - 00000000 ____D () C:\Users\crocuz\AppData\Local\Microsoft Help 2015-04-16 20:40 - 2014-12-21 18:29 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-16 20:40 - 2014-12-21 18:29 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-16 11:53 
- 2013-01-22 05:11 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-16 11:52 - 2013-02-17 22:23 - 01622900 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-16 11:50 - 2014-11-25 19:00 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-04-16 11:50 - 2014-11-25 19:00 - 00000000 ____D () C:\ProgramData\Skype 2015-04-16 11:50 - 2013-09-21 01:06 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-16 11:45 - 2013-01-22 05:10 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-16 11:43 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini 2015-04-16 10:53 - 2014-12-12 23:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-16 10:53 - 2014-11-11 21:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-16 10:53 - 2014-11-11 21:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-16 10:27 - 2014-12-21 19:05 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-15 00:22 - 2015-01-02 16:51 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-04-14 19:48 - 2015-03-04 20:43 - 00047684 _____ () C:\Users\crocuz\Downloads\FRST.txt 2015-04-14 19:48 - 2015-03-04 20:43 - 00020666 _____ () C:\Users\crocuz\Downloads\Addition.txt 2015-04-14 19:48 - 2015-03-04 18:21 - 02096640 _____ (Farbar) C:\Users\crocuz\Downloads\FRST64.exe 2015-04-14 19:16 - 2015-03-04 19:54 - 00000000 ____D () C:\AdwCleaner 2015-04-14 17:25 - 2015-03-02 18:03 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\TeamViewer 2015-04-13 19:09 - 2015-03-04 18:27 - 00000000 ____D () C:\Qoobox 2015-04-13 19:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-04-13 19:08 - 2015-03-04 18:27 - 00000000 ____D () C:\Windows\erdnt 2015-04-13 19:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-04-13 18:24 - 2015-03-04 19:02 - 05617275 ____R (Swearware) C:\Users\crocuz\Desktop\ComboFix.exe 2015-04-13 18:22 - 
2015-03-04 18:27 - 05617275 ____R (Swearware) C:\Users\crocuz\Downloads\ComboFix.exe 2015-04-13 16:44 - 2014-12-06 17:31 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Dropbox 2015-04-13 14:06 - 2015-03-04 19:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-11 13:13 - 2013-02-17 22:30 - 00109280 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-10 17:03 - 2013-01-22 12:39 - 00000000 ____D () C:\Users\admin 2015-04-10 16:54 - 2014-12-06 17:34 - 00001033 _____ () C:\Users\crocuz\Desktop\Dropbox.lnk 2015-04-10 16:54 - 2014-12-06 17:18 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-08 18:34 - 2013-01-11 20:21 - 00000000 ____D () C:\Users\crocuz 2015-04-08 18:21 - 2014-12-30 06:25 - 00000000 ____D () C:\Program Files\Intel 2015-04-08 16:37 - 2014-10-03 18:49 - 00109280 _____ () C:\Users\crocuz\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-08 14:28 - 2014-10-03 18:49 - 00409912 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-07 21:42 - 2014-11-25 19:00 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Skype 2015-04-07 19:03 - 2014-12-21 17:52 - 00000000 ____D () C:\Users\admin\AppData\Local\Google 2015-04-07 19:03 - 2013-01-22 04:32 - 00000000 ____D () C:\Users\crocuz\AppData\Local\Google 2015-04-07 19:03 - 2013-01-22 04:32 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-07 15:59 - 2013-01-22 03:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-07 08:25 - 2014-12-22 15:47 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\Swiss Academic Software 2015-04-03 18:11 - 2013-12-08 17:05 - 00000000 ____D () C:\Users\crocuz\Documents\Citavi 4 2015-04-02 14:39 - 2015-01-19 17:18 - 00000000 ____D () C:\Users\crocuz\AppData\Local\CutePDF Writer 2015-03-31 19:02 - 2014-12-30 00:59 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-03-31 19:02 - 2014-12-30 00:59 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-03-27 
14:04 - 2014-11-15 23:50 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\vlc 2015-03-19 22:39 - 2014-12-31 18:38 - 00000000 ____D () C:\Users\crocuz\AppData\Roaming\NVIDIA ==================== Files in the root of some directories ======= 2013-02-17 22:29 - 2013-02-17 22:29 - 0000093 _____ () C:\Users\admin\AppData\Local\fusioncache.dat Some content of TEMP: ==================== C:\Users\admin\AppData\Local\temp\Quarantine.exe C:\Users\admin\AppData\Local\temp\sfamcc00001.dll C:\Users\admin\AppData\Local\temp\sfareca00001.dll C:\Users\admin\AppData\Local\temp\sqlite3.dll C:\Users\crocuz\AppData\Local\temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 13:00 ==================== End Of Log ============================ --- --- --- |
19.04.2015, 07:48 | #15 |
/// the machine /// TB trainer | Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |