|
Pests of all kinds and how to fight them: Re-infection with Malaha.net and various observations. Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
27.04.2015, 19:53 | #1 |
| Re-infection with Malaha.net and various observations

Hello. I recently got help here because of malaha.net. Now this site is back. And not only under Win8.1 but also under Ubuntu.

In addition, the computer seems to take a very long time to shut down. More precisely: everything has shut down, yet the computer still needs some time (estimated: 30/40 sec.) before it actually switches off. I also have the impression that I have to click everything twice to get a reaction. E.g. launching Chrome from the taskbar. Or a link on a site. And somehow I keep having to enter passwords and passphrases again and again. For example for the WLAN connection, LastPass or other connections where the password is supposed to be saved.

Regarding Win: defogger - done

FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01 Ran by Kay (administrator) on *** on 27-04-2015 20:35:11 Running from C:\Users\Kay\Downloads Loaded Profiles: Kay (Available profiles: Kay) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (DEVGURU Co., LTD.) 
D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Akamai Technologies, Inc.) C:\Users\Kay\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Kay\AppData\Local\Akamai\netsession_win.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (VideoLAN) D:\Program Files\VideoLAN\VLC\vlc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Farbar) C:\Users\Kay\Downloads\FRST64 (1).exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => D:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1120568 2015-04-01] (Buhl Data Service) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Google Update] => C:\Users\Kay\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-16] (Google Inc.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Google+ Auto Backup] => C:\Users\Kay\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [WEB.DE Application {sync-000021}] => C:\Users\Kay\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [781312 2015-02-18] (1&1 Mail & Media GmbH) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Kay\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [HP Photosmart Plus B210 series (NET)] => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-10-06] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-01-20] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2015-02-19] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-02] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-03-19] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> 
{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => 
C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) CHR HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1888364831-2858631773-2981139133-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> d:\Program Files (x86)\LastPass\LPToolbar_x64.dll 
[2014-10-06] (LastPass) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> d:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-06] (LastPass) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro 
Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-06] (LastPass) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-06] (LastPass) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798 FF Homepage: hxxp://www.diesiedleronline.de/de/spielen FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-26] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> d:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-06] (LastPass) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-26] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) 
FF Plugin-x32: @lastpass.com/NPLastPass -> d:\Program Files (x86)\LastPass\nplastpass.dll [2014-10-06] (LastPass) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-11] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-11] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kay\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kay\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) 
FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Extension: LastPass - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\support@lastpass.com [2015-03-31] FF Extension: WOT - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-03-31] FF Extension: ProxMate - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2015-04-18] FF Extension: NoScript - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-31] FF Extension: Adblock Plus - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-31] FF Extension: BetterPrivacy - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-03-31] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-21] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://forum.ubuntuusers.de/topic/kann-keine-programme-per-software-center-downl/", "hxxp://www.happypainting.de/", "hxxp://www.pentaxians.de/", "hxxp://www.web.de/", "hxxp://www.t-online.de/" CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-01-03] CHR Extension: (Do Not Track Me Facebook) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aignbmbaeiglnodbalalclggpjjihmjg [2014-02-09] CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2014-02-09] CHR Extension: (Google Docs) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-09] CHR Extension: (Google Drive) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-09] CHR Extension: (TV) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-02-09] CHR Extension: (WOT) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-09] CHR Extension: (YouTube) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-09] CHR Extension: (My IP address) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfphbgnmmhjfalloifioeeeokjemobf [2014-02-09] CHR Extension: (Adblock Plus) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-09] CHR Extension: (TrafficLight) - C:\Users\Kay\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-02-09] CHR Extension: (Google Search) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-09] CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-09-18] CHR Extension: (Best Utility Apps) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfkmehkjocihlfmcjkmdiekloihfaog [2014-02-09] CHR Extension: (VTchromizer) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2014-02-09] CHR Extension: (Facebook Disconnect) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-02-09] CHR Extension: (BetaFish Adblocker) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-09] CHR Extension: (Bookmark Manager) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Pin It Button) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-01-16] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-27] CHR Extension: (PDF Mergy) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-02-09] CHR Extension: (Subscriptions for YouTube™) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcngljpkdlakkbhmbfhjabcblbcldbl [2015-02-27] CHR Extension: (ProxMate) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2015-01-03] CHR Extension: (Dropbox) - C:\Users\Kay\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-02-09] CHR Extension: (Interstellar) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\kackgkhdbldcojljaeoaghlhfbbldkil [2014-12-28] CHR Extension: (Translator Context) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkohkdahffmjhcehilamblbpnjpmlo [2015-02-19] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Pinterest ™ ) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldekkfiehnegbjkcmalkfcgfecambndd [2014-02-09] CHR Extension: (Skype Click to Call) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-16] CHR Extension: (Google Maps) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-02-09] CHR Extension: (Ghostery) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-02-19] CHR Extension: (Google Wallet) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09] CHR Extension: (Hover Zoom) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-03-16] CHR Extension: (Adblock Pro) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-02-09] CHR Extension: (QVIVO) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdmoikcfdlgffkebhcojlghnccgngbg [2015-02-27] CHR Extension: (Enhanced Steam) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-12-05] CHR Extension: (My IP address) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhoeoiodcebkkigjiooibeccnfmmkoe 
[2014-05-10]
CHR Extension: (Gmail) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-09]
CHR HKLM-x32\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files (x86)\pandasecuritytb\chrome-newtab-search.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Kay\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-02-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 ss_conn_service; D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 SophosVirusRemovalTool; D:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AmUHubftr; C:\Windows\System32\drivers\AmUHubftr.sys [25880 2013-12-20] (Alcor Micro, Corp.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [17792 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [533760 2008-12-17] (Digital Camera)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\WINDOWS\system32\15E3.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 20:35 - 2015-04-27 20:35 - 00033031 _____ () C:\Users\Kay\Downloads\FRST.txt 2015-04-27 20:34 - 2015-04-27 20:35 - 00000000 ____D () C:\FRST 2015-04-27 20:34 - 2015-04-27 20:34 - 02100736 _____ (Farbar) C:\Users\Kay\Downloads\FRST64.exe 2015-04-27 20:34 - 2015-04-27 20:34 - 02100736 _____ (Farbar) C:\Users\Kay\Downloads\FRST64 (1).exe 2015-04-27 20:33 - 2015-04-27 20:33 - 00050477 _____ () C:\Users\Kay\Downloads\Defogger.exe 2015-04-27 20:33 - 2015-04-27 20:33 - 00000468 _____ () C:\Users\Kay\Downloads\defogger_disable.log 2015-04-26 20:17 - 2015-04-26 20:17 - 05008664 _____ (Adobe Systems Inc.) C:\Users\Kay\Downloads\Shockwave_Installer_Slim.exe 2015-04-26 20:17 - 2015-04-26 20:17 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2015-04-26 20:12 - 2015-04-26 20:12 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Kay\Downloads\flashplayer17_ha_install (1).exe 2015-04-26 18:46 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-04-26 18:46 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-04-26 18:46 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-04-26 18:46 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-04-26 18:45 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-04-26 18:45 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-04-26 18:45 - 2015-03-14 04:03 - 04179968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-04-26 18:45 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-04-26 18:45 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-04-26 18:45 - 2015-03-13 04:59 - 
00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-04-26 18:45 - 2015-03-13 04:38 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-04-26 18:45 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-04-26 18:45 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-04-26 18:45 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-04-26 18:45 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2015-04-26 18:45 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2015-04-26 18:45 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-04-26 18:45 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-04-26 18:45 - 2015-02-13 04:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-04-26 18:45 - 2015-02-13 03:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-04-26 18:45 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-04-25 10:47 - 2015-04-25 10:47 - 00000000 ___RD () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-04-23 18:13 - 2015-04-23 18:13 - 00001484 _____ () C:\Users\Public\Desktop\LibreOffice 4.4.lnk 2015-04-23 18:13 - 2015-04-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4 2015-04-23 17:50 - 2015-04-23 17:59 - 224325632 _____ () C:\Users\Kay\Downloads\LibreOffice_4.4.2_Win_x86.msi 2015-04-23 17:45 - 2015-04-26 20:00 - 00000000 ____D () C:\Users\Kay\Documents\Meike 2015-04-21 19:26 - 2015-04-21 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-19 14:23 - 2015-01-06 05:01 - 00072192 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2015-04-19 14:23 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2015-04-19 14:23 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll 2015-04-19 14:23 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll 2015-04-15 15:46 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-04-15 15:46 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-04-15 15:46 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2015-04-15 15:46 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-04-15 15:46 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll 2015-04-15 15:46 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2015-04-15 15:46 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-04-15 15:46 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-04-15 15:46 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe 2015-04-15 15:46 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe 2015-04-15 15:46 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2015-04-15 15:46 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2015-04-15 15:46 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-04-15 15:46 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-04-15 15:46 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wups2.dll 2015-04-15 15:46 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2015-04-15 15:46 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-04-15 15:46 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-04-15 15:46 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-04-15 15:46 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-04-15 15:46 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-04-15 15:46 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-04-15 15:46 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-04-15 15:46 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-04-15 15:46 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-04-15 15:46 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-04-15 15:46 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-04-15 15:46 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-04-15 15:46 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-04-15 15:46 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-04-15 15:46 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-04-15 15:46 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-04-15 15:46 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\iertutil.dll 2015-04-15 15:46 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-04-15 15:46 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-04-15 15:46 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-04-15 15:46 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-04-15 15:46 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-04-15 15:46 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-04-15 15:46 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-04-15 15:46 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-04-15 15:46 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-04-15 15:46 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-04-15 15:46 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-04-15 15:46 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-04-15 15:46 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-04-15 15:46 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-04-15 15:46 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-04-15 15:46 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-04-15 15:46 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-04-15 15:46 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 
2015-04-15 15:46 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-04-15 15:46 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-04-15 15:46 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-04-15 15:46 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-04-15 15:46 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-04-15 15:46 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2015-04-15 15:46 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2015-04-15 15:46 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2015-04-15 15:46 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2015-04-08 19:32 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-04-08 19:32 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\WinRAR 2015-04-07 19:31 - 2015-04-07 19:31 - 
00000000 ____D () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-07 19:31 - 2010-10-17 17:46 - 00000000 ____D () C:\Users\Kay\Documents\Turbine 2015-04-07 19:31 - 2010-10-12 14:17 - 00000000 ____D () C:\Users\Kay\Documents\Betsiel 2015-04-07 19:30 - 2015-04-07 19:31 - 00000000 ____D () C:\Program Files\WinRAR 2015-04-07 19:30 - 2015-04-07 19:30 - 02058768 _____ () C:\Users\Kay\Downloads\winrar-x64-521d.exe 2015-04-07 19:29 - 2015-04-07 19:29 - 00029357 _____ () C:\Users\Kay\Downloads\FilterBag.rar 2015-04-07 17:52 - 2015-04-07 17:52 - 00000000 ____D () C:\Users\Kay\AppData\Local\PluginCompendium 2015-04-07 17:49 - 2015-04-11 18:18 - 00003059 _____ () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plugin Compendium.lnk 2015-04-07 17:47 - 2015-04-07 17:47 - 01116025 _____ () C:\Users\Kay\Downloads\PluginCompendiumSetup-1.0.3.0.zip 2015-04-04 19:47 - 2015-04-04 19:47 - 00000000 ____D () C:\Users\Kay\AppData\Local\Chromium 2015-04-04 19:44 - 2015-04-08 19:53 - 00000000 ____D () C:\Users\Kay\AppData\Local\The Lord of the Rings Online 2015-04-04 17:05 - 2015-04-04 17:05 - 00281728 _____ () C:\WINDOWS\Minidump\040415-21484-01.dmp 2015-04-04 15:05 - 2015-04-04 15:05 - 00000000 ____D () C:\Users\Kay\AppData\Local\Akamai 2015-04-04 15:04 - 2015-04-04 18:27 - 00000000 ____D () C:\Users\Kay\AppData\Local\Turbine 2015-04-04 15:03 - 2015-04-12 14:44 - 00000000 ____D () C:\Users\Kay\Documents\The Lord of the Rings Online 2015-04-04 15:03 - 2015-04-04 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine 2015-04-04 15:02 - 2015-04-04 15:03 - 64386312 _____ (Turbine, Inc. 
) C:\Users\Kay\Downloads\lotrolive.exe 2015-04-02 20:31 - 2015-04-02 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-04-02 19:14 - 2015-04-02 19:14 - 02210270 _____ () C:\Users\Kay\Downloads\wsusoffline954.zip 2015-03-31 16:06 - 2015-03-31 16:06 - 00000000 ____D () C:\Users\Kay\Desktop\Alte Firefox-Daten 2015-03-31 15:42 - 2015-03-31 15:42 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-03-31 15:42 - 2015-03-31 15:42 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-03-31 15:40 - 2015-04-09 17:34 - 00004532 _____ () C:\WINDOWS\PFRO.log 2015-03-30 17:09 - 2015-03-30 17:09 - 00243648 _____ () C:\Users\Kay\Downloads\Firefox Setup Stub 36.0.4.exe 2015-03-30 16:58 - 2015-03-30 16:58 - 05344528 _____ (Piriform Ltd) C:\Users\Kay\Downloads\ccsetup504.exe 2015-03-30 16:32 - 2015-03-30 16:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-30 16:31 - 2015-03-30 16:31 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kay\Downloads\mbar-1.09.1.1004.exe 2015-03-30 16:29 - 2015-03-30 16:31 - 00000000 ____D () C:\Users\Kay\Downloads\RootkitRevealer 2015-03-30 16:29 - 2015-03-30 16:29 - 00231390 _____ () C:\Users\Kay\Downloads\RootkitRevealer.zip 2015-03-30 16:02 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\WINDOWS\system32\15E3.tmp 2015-03-30 15:59 - 2015-03-30 16:53 - 00000000 ____D () C:\Program Files (x86)\Sophos 2015-03-30 15:59 - 2015-03-30 15:59 - 01339288 _____ () C:\Users\Kay\Downloads\sar_15_sfx.exe 2015-03-30 15:59 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\WINDOWS\system32\F208.tmp 2015-03-29 19:04 - 2015-04-04 16:08 - 00016338 _____ () C:\Users\Kay\Desktop\Tai Chi Chuan – Yang Stile nach Ip Tai Tak.ods ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-27 20:34 - 2014-01-20 22:19 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-27 20:20 - 2014-03-16 13:40 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001UA.job 2015-04-27 20:20 - 2014-03-16 13:40 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001Core.job 2015-04-27 20:11 - 2015-03-18 16:12 - 01961252 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-27 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-27 17:56 - 2015-01-22 20:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-04-27 17:51 - 2014-10-26 16:05 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{687F2EEC-A316-484A-B958-97FEC835D3B2} 2015-04-27 17:48 - 2014-01-20 21:52 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1888364831-2858631773-2981139133-1001 2015-04-27 17:47 - 2014-02-20 14:54 - 00000000 ___DO () C:\Users\Kay\SkyDrive 2015-04-27 17:46 - 2013-11-14 09:26 - 01767420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-27 17:46 - 2013-11-14 09:11 - 00757720 _____ () C:\WINDOWS\system32\perfh007.dat 2015-04-27 17:46 - 2013-11-14 09:11 - 00155508 _____ () C:\WINDOWS\system32\perfc007.dat 2015-04-27 17:43 - 2015-03-24 18:45 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-04-27 17:43 - 2014-01-20 22:19 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-27 17:41 - 2015-03-27 15:36 - 00004543 _____ () C:\WINDOWS\setupact.log 2015-04-27 17:41 - 2015-03-01 11:40 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\ClassicShell 2015-04-27 17:41 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-27 17:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-04-26 21:33 - 2014-03-22 16:30 - 00000000 ____D () C:\Users\Kay\Documents\WISO Mein Geld 
2015-04-26 20:14 - 2014-10-17 21:33 - 00000000 ____D () C:\Users\Kay\AppData\Local\Adobe 2015-04-26 20:13 - 2015-01-22 20:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-04-26 18:56 - 2013-08-22 16:44 - 00549272 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-26 18:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-04-26 18:46 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers 2015-04-26 18:46 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-26 12:17 - 2015-02-14 17:51 - 00000000 ____D () C:\Users\Kay\AppData\Local\CrashDumps 2015-04-26 12:17 - 2014-05-07 19:37 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\vlc 2015-04-25 10:48 - 2015-03-12 15:20 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\dvdcss 2015-04-23 19:51 - 2014-07-02 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-23 18:13 - 2014-03-27 13:46 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2015-04-23 18:13 - 2014-02-24 22:22 - 00336896 ___SH () C:\Users\Kay\Desktop\Thumbs.db 2015-04-18 16:35 - 2014-01-20 22:20 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-17 15:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-04-16 20:44 - 2014-02-20 14:49 - 00000000 ____D () C:\Users\Kay 2015-04-16 20:43 - 2014-01-20 22:56 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Skype 2015-04-16 19:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-04-15 16:12 - 2014-05-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-15 16:12 - 2014-01-20 22:10 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 16:08 - 2014-01-20 22:10 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-15 16:07 - 2013-08-22 15:25 - 00000167 _____ () C:\WINDOWS\win.ini 2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-11 18:18 - 2014-12-03 18:33 - 00000000 ____D () C:\Users\Kay\Desktop\Spiele 2015-04-09 18:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-04-08 20:47 - 2014-04-04 17:44 - 00000000 ____D () C:\Users\Kay\AppData\Local\Battle.net 2015-04-08 19:32 - 2014-12-10 17:37 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-04-08 19:32 - 2014-07-15 16:13 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-04-08 19:29 - 2014-04-04 16:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-04-07 17:14 - 2014-12-11 18:06 - 00190464 ___SH () C:\Users\Kay\Documents\Thumbs.db 2015-04-07 16:50 - 2015-02-14 11:57 - 00000000 ____D () C:\Users\Kay\AppData\Local\HP 2015-04-04 17:05 - 2015-03-27 20:50 - 00000000 ____D () C:\WINDOWS\Minidump 2015-04-04 15:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-02 21:01 - 2015-02-23 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-04-02 21:01 - 2015-02-15 19:21 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Samsung 2015-04-02 21:01 - 2015-02-15 19:21 - 00000000 ____D () C:\Users\Kay\AppData\Local\Samsung 2015-04-02 21:01 - 2015-02-15 19:09 - 00000000 ____D () C:\ProgramData\Samsung 2015-04-02 20:48 - 2014-09-30 15:56 - 00000000 ____D () C:\Users\Kay\AppData\Local\Deployment 2015-04-02 20:48 - 2014-09-18 14:43 - 00000000 ____D () C:\Users\Kay\AppData\Local\Glyph 2015-04-02 20:48 - 2014-09-18 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2015-03-30 17:08 - 2015-03-24 19:05 - 00000000 ____D () C:\Users\Kay\Desktop\Sicherheit 2015-03-30 16:58 - 2015-03-01 11:44 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-30 16:56 - 2015-01-01 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thrustmaster 2015-03-30 16:40 
- 2015-02-14 11:58 - 00000000 ____D () C:\Program Files (x86)\HP
2015-03-30 16:39 - 2015-03-27 21:20 - 00000406 _____ () C:\DelFix.txt
2015-03-30 16:32 - 2015-03-24 18:45 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

==================== Files in the root of some directories =======

2014-01-20 23:03 - 2014-10-06 18:29 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-10-04 14:43 - 2014-10-04 14:43 - 0001285 _____ () C:\Users\Kay\AppData\Local\recently-used.xbel
2014-02-22 20:41 - 2014-02-22 20:41 - 0210145 _____ () C:\ProgramData\1393094319.bdinstall.bin
2015-03-21 14:06 - 2015-03-21 14:06 - 0037755 _____ () C:\ProgramData\1426939573.bdinstall.bin
2015-03-21 14:06 - 2015-03-21 14:06 - 0098733 _____ () C:\ProgramData\1426939582.bdinstall.bin
2015-02-14 11:57 - 2015-02-14 11:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-12 19:15 - 2015-02-12 19:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-06 16:41 - 2014-11-28 14:36 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Kay\fbchathistory.dat

Some content of TEMP:
====================
C:\Users\Kay\AppData\Local\Temp\AFWOESQAP.exe
C:\Users\Kay\AppData\Local\Temp\FZYVGIVTUMMXC.exe
C:\Users\Kay\AppData\Local\Temp\HKUXA.exe
C:\Users\Kay\AppData\Local\Temp\KURBHFG.exe
C:\Users\Kay\AppData\Local\Temp\Quarantine.exe
C:\Users\Kay\AppData\Local\Temp\sqlite3.dll
C:\Users\Kay\AppData\Local\Temp\tmp5FCD.exe
C:\Users\Kay\AppData\Local\Temp\unrar.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-26 21:13

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by *** at 2015-04-27 20:35:45
Running from C:\Users\***\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1888364831-2858631773-2981139133-500 - Administrator - Disabled)
Gast (S-1-5-21-1888364831-2858631773-2981139133-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1888364831-2858631773-2981139133-1003 - Limited - Enabled)
*** (S-1-5-21-1888364831-2858631773-2981139133-1001 - Administrator - Enabled) => C:\Users\***

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Der Herr der Ringe Online™“ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro Generic Hub Filter Driver (HKLM-x32\...\AmUHubftr) (Version: 2.0.11.0 - Alcor Micro Corp.)
Alcor Micro Generic Hub Filter Driver (x32 Version: 2.0.11.0 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Double Action: Boogaloo (HKLM-x32\...\Steam App 317360) (Version: - Double Action Factory)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
DxO Optics Pro 7 (HKLM\...\{64579E10-6249-4BB1-B1D1-8EF55042DB45}) (Version: 7.5.5 - DxO Labs)
Elite Dangerous Launcher version 0.4.2220.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.2220.0 - Frontier Developments)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Hilfe (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass)
LibreOffice 4.4.2.2 (HKLM-x32\...\{99A395EF-A310-40BB-B7A3-E3FF07CC38FC}) (Version: 4.4.2.2 - The Document Foundation)
LOTRO Plugin Compendium (HKLM-x32\...\{3BF7818D-2482-4676-A237-915A11A97847}) (Version: 1.0.3 - Lunarwater)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\MyFreeCodec) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.35.0 - Ralink)
RawTherapee Version 4.1 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.1 - rawtherapee.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7383 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sigils of Elohim (HKLM-x32\...\Steam App 321480) (Version: - Croteam)
Ski Challenge 15 (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\sc15-GAMETWIST_MAIN) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPCA1528 PC Driver (HKLM-x32\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.4.0 - )
Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™)
Spore: Creepy & Cute Parts Pack (HKLM-x32\...\Steam App 17440) (Version: - Maxis™)
Spore: Galactic Adventures (HKLM-x32\...\Steam App 24720) (Version: - EA - Maxis)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE Club SmartFax (HKLM-x32\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\{E1438C8A-2806-4C22-89EE-5A4B24A91358}) (Version: 21.04.8571 - Buhl Data Service GmbH)
XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version: - )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1888364831-2858631773-2981139133-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1888364831-2858631773-2981139133-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================
19-04-2015 14:23:15 Windows Update
23-04-2015 18:08:28 Installed LibreOffice 4.4.2.2
26-04-2015 18:46:09 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {010E7686-1413-4B97-B29D-1346B0475713} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {011B42D3-DFDF-4C79-BC17-EF6717F44986} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001UA => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)
Task: {12B50314-F009-4C5B-939B-73CCCD536726} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {13896B67-0FCD-42C2-A928-DC02BAFFFCAD} - System32\Tasks\{6644215F-D573-4448-B8E2-12B972183707} => pcalua.exe -a "C:\Program Files (x86)\pandasecuritytb\uninstall.exe"
Task: {187B46F7-A8B8-4F63-94EF-393FD2B00E9E} - System32\Tasks\{70F927D6-EBE1-457D-A298-444941E8E902} => pcalua.exe -a "C:\Users\***\Desktop\Galaxy S3 - Mini\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "C:\Users\***\Desktop\Galaxy S3 - Mini"
Task: {223F329D-8215-47C4-AA31-63FB0AA849B8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {2F19BF84-ECD9-489B-B717-18E7D00AD177} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL e:\e67415113b809610ca462725cd5d34\ipoint\Setup64\Files\1031\Deu.rtf
Task: {32B7C5A6-BB23-410F-B2AE-CBB4CC1E0E3D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3AF644C2-3E4D-4A96-8523-77213AB94E38} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001Core => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)
Task: {429F3195-6748-4F5E-96B8-3E37FA18CCE7} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4679C4EE-C734-4604-BD63-6160E8463D64} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {53F8794E-726C-4A97-9BB8-347ECDC5CB94} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {5A73AB7F-ABDA-4DEA-ACE4-066E9E744A0C} - System32\Tasks\{A8A0A7FB-B363-4CBD-91B8-947FA6EA8EAA} => pcalua.exe -a C:\Users\***\Downloads\k30v106.EXE -d C:\Users\***\Downloads
Task: {A5E82587-9B7C-48C7-9AC0-1CB1E18567C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {B671B73A-6466-4C62-8944-AB4234A03A18} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {C1A592A2-0BE6-40DF-8D3F-C4054E83B55A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {C21A6710-6FA5-4A4D-A3DF-E78657BB0A88} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {CCD12F32-F26B-4D65-AC15-47067E5AFC39} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-26] (Adobe Systems Incorporated)
Task: {E4DB78B9-F79B-43E6-ADAA-5FFD26A4E94B} - System32\Tasks\drivers => C:\Program Files (x86)\UpdateStar Drivers\drivers.exe
Task: {E6473095-90EA-4F76-8B45-7E3BF6D1CCF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {F6FDE532-F25A-40C7-AAAF-B33AF91282B9} - System32\Tasks\{2B43B2A3-A783-4ECE-BEF2-BEE44272E399} => pcalua.exe -a "C:\Users\***\Desktop\Galaxy3 Mini - Android Update\SAMSUNG_USB_Driver (1)\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "C:\Users\***\Desktop\Galaxy3 Mini - Android Update\SAMSUNG_USB_Driver (1)"
Task: {F8B7D53C-30BE-4304-A3B5-8FF174B4638A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {FA170A4D-7F12-467C-93EF-E7E6B2C86269} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001Core.job => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001UA.job => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============
2014-05-10 14:26 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-30 19:28 - 2014-11-30 19:28 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-11-30 19:24 - 2014-11-30 19:24 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-11-30 19:30 - 2014-11-30 19:30 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-07-30 11:38 - 2014-07-30 11:38 - 00121363 _____ () d:\Program Files\VideoLAN\VLC\libvlc.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 02524691 _____ () d:\Program Files\VideoLAN\VLC\libvlccore.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00713235 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00031251 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00034323 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00070163 _____ () d:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 02376211 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00106515 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00263699 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00080915 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00051219 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00063507 _____ () d:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00608275 _____ () d:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01022995 _____ () d:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00125459 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00043539 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017427 _____ () d:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00140307 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 02218003 _____ () d:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00318995 _____ () d:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01470995 _____ () d:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00058387 _____ () d:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00043027 _____ () d:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00190995 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00091667 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 12501523 _____ () d:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00071187 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00123923 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00081939 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00028179 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00085523 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00018963 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00025619 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00024595 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01261075 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00126483 _____ () d:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00152595 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01739283 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00928787 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023571 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021011 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00018963 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021011 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00574483 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00039955 _____ () d:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00330771 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00019475 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00192019 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00833555 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00019475 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00025619 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00024595 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00035859 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00024083 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00071699 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00042003 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021523 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00029715 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00028691 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021523 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00085523 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00022035 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00341011 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021523 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01505811 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00417811 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00230931 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00029715 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01745427 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017427 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00139795 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00186387 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00081939 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01506835 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00025619 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00016915 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017427 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00018963 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00029715 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2015-02-19 21:34 - 2014-01-10 18:21 - 00082944 ____R () C:\Program Files (x86)\Ralink\Common\ndisflt.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-31 16:08 - 2015-03-31 16:08 - 01020928 _____ () C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-04-18 16:35 - 2015-04-13 23:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-18 16:35 - 2015-04-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\***\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\***\Downloads\2009_FFD_2.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\br2014Free101.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\ClassicShellSetup_4_1_0.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\DNGConverter_8_7_1.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\Kies3Setup.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\KiesSetup.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\PSB210_1315-1.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\xq2pnrwj.exe:BDU

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Control Panel\Desktop\\Wallpaper -> E:\Bilder\Wallpapers\IMGP0918-1.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "IntelliPoint"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "ThrustTSR"
HKLM\...\StartupApproved\Run32: => "WISO Mein Geld 2015 Professional .NET"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Ubuntu One Icon"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Ubuntu One"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "WEB.DE Application {sync-000021}"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Allow) %SystemRoot%\system32\RdpSa.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [EventForwarder-In-TCP] => (Allow) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [TCP Query User{00AF6728-F0B0-4052-AE5F-8B3077E3FC0C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3C7AE69E-2733-4B32-86AE-9547DC1ADB4C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BE9AE20E-9FF2-43C6-B1D5-B9D9F47469F4}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2D215BD9-891E-4FA9-8DC3-65A0D9668FF4}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52C4A13B-C420-49DA-8CA1-97373B940B41}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D6281D2C-5F85-4386-B9A0-A660F06C8B76}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F0D2E862-1A47-4408-AF35-5F27AAC4DC22}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{2AA1DFD6-312E-4DD9-B109-C20E0ECCA36A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{D81D86BC-E0B3-45BF-A894-6D9C2A82E449}C:\users\***\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\***\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3CB4847B-E1E0-48F0-8699-4E71C654CE55}C:\users\***\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\***\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EDCDA70B-DF1A-48F3-BD4E-B9F2853EDF8E}D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [UDP Query User{E6EE7A41-8A78-4ABD-80E9-3FA2D53AF160}D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [{7C6A2AAD-7F73-44E4-8E0C-F996237331A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BE376B36-920A-4902-82BE-6CF699D14293}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8E4C68F3-525B-491B-9D9A-273394BFC787}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{E00CD392-19D4-434B-A05F-84142498B2F2}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{71C511BF-12BB-4651-9031-6688F51B8BF9}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{390EC187-5C6C-4A45-8FEA-AAEA00AF3977}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{4D23AC9C-24EF-4146-B952-3A1065E63EC7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3D1DE240-0821-41A5-B028-7F55E3D43906}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{13DFE2D0-73A5-4A69-A21D-93EF4184CE6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{767917D7-DC42-4B63-B01E-44195DA16C3C}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{FDBEA3A4-5B6A-4A48-BB4B-16D2C151F6C3}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe

==================== Faulty Device Manager Devices =============
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 05:41:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" konnte im Namespace "//./root" aufgrund des Fehlers "0x80041033" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/26/2015 09:13:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (04/26/2015 00:31:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (04/26/2015 00:30:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (04/26/2015 00:24:24 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (04/26/2015 00:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005473b
ID des fehlerhaften Prozesses: 0x1570
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (04/26/2015 11:56:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter.
(0x80070057) Error: (04/25/2015 08:54:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005473b ID des fehlerhaften Prozesses: 0x2f48 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Vollständiger Name des fehlerhaften Pakets: vlc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5 Error: (04/25/2015 01:21:40 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "\\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/25/2015 01:08:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) System errors: ============= Error: (04/27/2015 08:08:40 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Der Windows-SChannel-Fehlerstatus lautet: 960. 
Error: (04/27/2015 05:41:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/27/2015 05:39:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/26/2015 06:56:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/26/2015 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/26/2015 11:33:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/25/2015 01:53:04 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (04/25/2015 10:45:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/24/2015 07:55:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/24/2015 04:04:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Microsoft Office Sessions: ========================= Error: (04/27/2015 05:41:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./rootselect * from __InstanceModificationEvent where targetinstance isa 
'__ArbitratorConfiguration'0x80041033 Error: (04/26/2015 09:13:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (H:)Falscher Parameter. (0x80070057) Error: (04/26/2015 00:31:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: \\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\Falscher Parameter. (0x80070057) Error: (04/26/2015 00:30:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (H:)Falscher Parameter. (0x80070057) Error: (04/26/2015 00:24:24 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (H:)Falscher Parameter. (0x80070057) Error: (04/26/2015 00:17:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.17736550f4336c0000005000000000005473b157001d0800a2abe018dd:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll6b264054-ebfd-11e4-8048-88f97f675951 Error: (04/26/2015 11:56:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (H:)Falscher Parameter. (0x80070057) Error: (04/25/2015 08:54:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.17736550f4336c0000005000000000005473b2f4801d07f73d31db526d:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll82d39ae9-eb7c-11e4-8047-e8760068cc4d Error: (04/25/2015 01:21:40 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: \\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\Falscher Parameter. (0x80070057) Error: (04/25/2015 01:08:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (H:)Falscher Parameter. 
(0x80070057) CodeIntegrity Errors: =================================== Date: 2015-04-26 11:56:35.795 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-26 11:56:35.472 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-26 11:56:35.147 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-26 11:56:34.875 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-26 11:56:34.579 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-26 11:56:34.018 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2015-04-25 12:34:01.659 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-25 12:34:00.976 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-25 12:34:00.478 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-25 12:33:59.960 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 40%
Total physical RAM: 8159.15 MB
Available physical RAM: 4854.77 MB
Total Pagefile: 16351.15 MB
Available Pagefile: 12480.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:75.22 GB) (Free:16.55 GB) NTFS
Drive d: (Win) (Fixed) (Total:270.45 GB) (Free:46.25 GB) NTFS
Drive e: (Elements) (Fixed) (Total:465.64 GB) (Free:282.52 GB) FAT32
Drive h: () (Fixed) (Total:0.49 GB) (Free:0.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 000AB2A8)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDD4B8D6)
Partition 1: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=83)
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 8D399BC0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================

The computer freezes completely. No power switch, no "three-finger salute". Not even the reset button works. And that one does work. I tested it. Once again I'd be glad of some help... Best regards, verrant |
27.04.2015, 20:24 | #2 |
/// the machine /// TB trainer | Re-infection with Malaha.net and various observations hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
|
27.04.2015, 21:24 | #3 |
| Re-infection with Malaha.net and various observations Hello Schrauber.
Thanks for the quick help. Mbar: Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version: main: v2015.04.27.03 rootkit: v2015.04.21.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17728
*** :: *** [administrator]

27.04.2015 21:53:15
mbar-log-2015-04-27 (21-53-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 382254
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
ATTFilter 22:15:01.0014 0x1588 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 22:15:01.0014 0x1588 UEFI system 22:15:06.0521 0x1588 ============================================================ 22:15:06.0521 0x1588 Current date / time: 2015/04/27 22:15:06.0521 22:15:06.0521 0x1588 SystemInfo: 22:15:06.0521 0x1588 22:15:06.0521 0x1588 OS Version: 6.3.9600 ServicePack: 0.0 22:15:06.0521 0x1588 Product type: Workstation 22:15:06.0521 0x1588 ComputerName: *** 22:15:06.0521 0x1588 UserName: *** 22:15:06.0521 0x1588 Windows directory: C:\WINDOWS 22:15:06.0521 0x1588 System windows directory: C:\WINDOWS 22:15:06.0521 0x1588 Running under WOW64 22:15:06.0521 0x1588 Processor architecture: Intel x64 22:15:06.0521 0x1588 Number of processors: 4 22:15:06.0521 0x1588 Page size: 0x1000 22:15:06.0521 0x1588 Boot type: Normal boot 22:15:06.0521 0x1588 ============================================================ 22:15:07.0180 0x1588 KLMD registered as C:\WINDOWS\system32\drivers\71916065.sys 22:15:07.0372 0x1588 System UUID: {0B5A5B54-B2F2-89F6-F0B5-AA09FE3E7769} 22:15:07.0876 0x1588 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:15:07.0897 0x1588 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:15:07.0898 0x1588 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:15:07.0915 0x1588 ============================================================ 22:15:07.0915 0x1588 \Device\Harddisk0\DR0: 22:15:07.0915 0x1588 GPT partitions: 22:15:07.0915 0x1588 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {BCF91871-72BB-4CEF-8E7F-D9C0A4955E9D}, 
Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000 22:15:07.0915 0x1588 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {10C44319-F5CB-4456-B544-BF94C4B5B9D6}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000 22:15:07.0915 0x1588 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2916D671-1614-44CF-BBA0-0B3B08A75243}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x9673000 22:15:07.0915 0x1588 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {40074772-7E2B-407C-8063-16DF5DC9932E}, Name: , StartLBA 0x96E5800, BlocksNum 0xAF000 22:15:07.0915 0x1588 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {62BD0C43-E716-4F22-8881-2956BF62C438}, Name: , StartLBA 0xB91C000, BlocksNum 0xFD000 22:15:07.0915 0x1588 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {0FC63DAF-8483-4772-8E79-3D69D8477DE4}, UniqueGUID: {BEF882A5-816C-404E-98A9-38A8BE2AB8C6}, Name: , StartLBA 0xBA19000, BlocksNum 0x257B800 22:15:07.0915 0x1588 MBR partitions: 22:15:07.0915 0x1588 \Device\Harddisk1\DR1: 22:15:07.0916 0x1588 MBR partitions: 22:15:07.0916 0x1588 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x21CE4800 22:15:07.0916 0x1588 \Device\Harddisk2\DR2: 22:15:07.0916 0x1588 MBR partitions: 22:15:07.0916 0x1588 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41 22:15:07.0916 0x1588 ============================================================ 22:15:07.0917 0x1588 C: <-> \Device\Harddisk0\DR0\Partition3 22:15:07.0932 0x1588 D: <-> \Device\Harddisk1\DR1\Partition1 22:15:07.0932 0x1588 E: <-> \Device\Harddisk2\DR2\Partition1 22:15:07.0933 0x1588 H: <-> \Device\Harddisk0\DR0\Partition5 22:15:07.0933 0x1588 ============================================================ 22:15:07.0933 0x1588 
Initialize success 22:15:07.0933 0x1588 ============================================================ 22:15:24.0507 0x0de0 ============================================================ 22:15:24.0507 0x0de0 Scan started 22:15:24.0507 0x0de0 Mode: Manual; SigCheck; TDLFS; 22:15:24.0507 0x0de0 ============================================================ 22:15:24.0507 0x0de0 KSN ping started 22:15:26.0934 0x0de0 KSN ping finished: true 22:15:27.0265 0x0de0 ================ Scan system memory ======================== 22:15:27.0265 0x0de0 System memory - ok 22:15:27.0266 0x0de0 ================ Scan services ============================= 22:15:28.0677 0x0de0 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 ) 22:15:31.0207 0x0de0 Detect skipped due to KSN trusted 22:15:31.0207 0x0de0 AtherosSvc - ok
22:15:32.0293 0x0de0 CompositeBus - ok 22:15:32.0296 0x0de0 COMSysApp - ok 22:15:32.0299 0x0de0 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys 22:15:32.0307 0x0de0 condrv - ok 22:15:32.0313 0x0de0 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 22:15:32.0324 0x0de0 CryptSvc - ok 22:15:32.0336 0x0de0 [ 9DBC32A45CFA67074432D2AF6C2832B6, B3B26302961A95EDFD4F994D56B1E5A8452266E0C2161D15C1213BBE376227A2 ] CSC C:\WINDOWS\system32\drivers\csc.sys 22:15:32.0352 0x0de0 CSC - ok 22:15:32.0370 0x0de0 [ 86079FF8A3B625ABAEB68841D2BF6FE6, 49FF4D458DF8FAB4ECA8CAD9BBF88C929C8B9AB7F063938A6A332B31F2C0F8EB ] CscService C:\WINDOWS\System32\cscsvc.dll 22:15:32.0390 0x0de0 CscService - ok 22:15:32.0394 0x0de0 [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam C:\WINDOWS\system32\drivers\dam.sys 22:15:32.0401 0x0de0 dam - ok 22:15:32.0419 0x0de0 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 22:15:32.0440 0x0de0 DcomLaunch - ok 22:15:32.0453 0x0de0 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll 22:15:32.0468 0x0de0 defragsvc - ok 22:15:32.0478 0x0de0 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll 22:15:32.0492 0x0de0 DeviceAssociationService - ok 22:15:32.0497 0x0de0 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 22:15:32.0506 0x0de0 DeviceInstall - ok 22:15:32.0512 0x0de0 [ A03F362C5557E238CBFA914689C77248, 
BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 22:15:32.0521 0x0de0 Dfsc - ok 22:15:32.0525 0x0de0 [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 22:15:32.0531 0x0de0 dg_ssudbus - ok 22:15:32.0540 0x0de0 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 22:15:32.0554 0x0de0 Dhcp - ok 22:15:32.0559 0x0de0 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys 22:15:32.0567 0x0de0 disk - ok 22:15:32.0570 0x0de0 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys 22:15:32.0577 0x0de0 dmvsc - ok 22:15:32.0584 0x0de0 [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 22:15:32.0595 0x0de0 Dnscache - ok 22:15:32.0602 0x0de0 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll 22:15:32.0615 0x0de0 dot3svc - ok 22:15:32.0620 0x0de0 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll 22:15:32.0630 0x0de0 DPS - ok 22:15:32.0633 0x0de0 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 22:15:32.0639 0x0de0 drmkaud - ok 22:15:32.0645 0x0de0 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 22:15:32.0656 0x0de0 DsmSvc - ok 22:15:32.0686 0x0de0 [ E1BB0B6F00F470B451AB45EA13EBA0B3, 
3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 22:15:32.0723 0x0de0 DXGKrnl - ok 22:15:32.0727 0x0de0 EagleX64 - ok 22:15:32.0733 0x0de0 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll 22:15:32.0743 0x0de0 Eaphost - ok 22:15:32.0803 0x0de0 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 22:15:32.0877 0x0de0 ebdrv - ok 22:15:32.0884 0x0de0 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe 22:15:32.0892 0x0de0 EFS - ok 22:15:32.0896 0x0de0 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 22:15:32.0903 0x0de0 EhStorClass - ok 22:15:32.0908 0x0de0 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 22:15:32.0916 0x0de0 EhStorTcgDrv - ok 22:15:32.0918 0x0de0 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 22:15:32.0926 0x0de0 ErrDev - ok 22:15:32.0941 0x0de0 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll 22:15:32.0957 0x0de0 EventSystem - ok 22:15:32.0963 0x0de0 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys 22:15:32.0981 0x0de0 exfat - ok 22:15:32.0987 0x0de0 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 22:15:32.0998 
0x0de0 fastfat - ok 22:15:33.0013 0x0de0 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe 22:15:33.0031 0x0de0 Fax - ok 22:15:33.0034 0x0de0 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 22:15:33.0042 0x0de0 fdc - ok 22:15:33.0045 0x0de0 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll 22:15:33.0052 0x0de0 fdPHost - ok 22:15:33.0056 0x0de0 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll 22:15:33.0064 0x0de0 FDResPub - ok 22:15:33.0068 0x0de0 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll 22:15:33.0078 0x0de0 fhsvc - ok 22:15:33.0082 0x0de0 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 22:15:33.0089 0x0de0 FileInfo - ok 22:15:33.0092 0x0de0 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 22:15:33.0104 0x0de0 Filetrace - ok 22:15:33.0107 0x0de0 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 22:15:33.0115 0x0de0 flpydisk - ok 22:15:33.0123 0x0de0 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 22:15:33.0136 0x0de0 FltMgr - ok 22:15:33.0163 0x0de0 [ 7269C9013FCFA3C6E70F03E2630DBFC3, AAB282B4444CC17D197974D05063C7C97E5202E604681DD2DC3BCF0AE77D6057 ] FontCache C:\WINDOWS\system32\FntCache.dll 
22:15:33.0194 0x0de0 FontCache - ok 22:15:33.0202 0x0de0 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:15:33.0208 0x0de0 FontCache3.0.0.0 - ok 22:15:33.0212 0x0de0 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 22:15:33.0219 0x0de0 FsDepends - ok 22:15:33.0222 0x0de0 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 22:15:33.0228 0x0de0 Fs_Rec - ok 22:15:33.0241 0x0de0 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 22:15:33.0259 0x0de0 fvevol - ok 22:15:33.0263 0x0de0 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys 22:15:33.0270 0x0de0 FxPPM - ok 22:15:33.0274 0x0de0 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys 22:15:33.0281 0x0de0 gagp30kx - ok 22:15:33.0283 0x0de0 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 22:15:33.0291 0x0de0 gencounter - ok 22:15:33.0296 0x0de0 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 22:15:33.0305 0x0de0 GPIOClx0101 - ok 22:15:33.0331 0x0de0 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 22:15:33.0361 0x0de0 gpsvc - ok 22:15:33.0367 0x0de0 [ 
506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:15:33.0373 0x0de0 gupdate - ok 22:15:33.0376 0x0de0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:15:33.0381 0x0de0 gupdatem - ok 22:15:33.0386 0x0de0 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:15:33.0393 0x0de0 gusvc - ok 22:15:33.0404 0x0de0 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 22:15:33.0417 0x0de0 HdAudAddService - ok 22:15:33.0422 0x0de0 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 22:15:33.0430 0x0de0 HDAudBus - ok 22:15:33.0434 0x0de0 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 22:15:33.0440 0x0de0 HidBatt - ok 22:15:33.0445 0x0de0 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 22:15:33.0453 0x0de0 HidBth - ok 22:15:33.0457 0x0de0 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 22:15:33.0464 0x0de0 hidi2c - ok 22:15:33.0468 0x0de0 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 22:15:33.0475 0x0de0 HidIr - ok 22:15:33.0478 0x0de0 [ EA85B5093DF7B5C3E80362B053740AE2, 
1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll 22:15:33.0486 0x0de0 hidserv - ok 22:15:33.0490 0x0de0 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 22:15:33.0496 0x0de0 HidUsb - ok 22:15:33.0500 0x0de0 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll 22:15:33.0511 0x0de0 hkmsvc - ok 22:15:33.0517 0x0de0 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 22:15:33.0529 0x0de0 HomeGroupListener - ok 22:15:33.0540 0x0de0 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 22:15:33.0554 0x0de0 HomeGroupProvider - ok 22:15:33.0558 0x0de0 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 22:15:33.0565 0x0de0 HpSAMD - ok 22:15:33.0585 0x0de0 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 22:15:33.0611 0x0de0 HTTP - ok 22:15:33.0615 0x0de0 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 22:15:33.0622 0x0de0 hwpolicy - ok 22:15:33.0624 0x0de0 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 22:15:33.0632 0x0de0 hyperkbd - ok 22:15:33.0634 0x0de0 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 22:15:33.0641 0x0de0 
HyperVideo - ok 22:15:33.0646 0x0de0 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 22:15:33.0654 0x0de0 i8042prt - ok 22:15:33.0658 0x0de0 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 22:15:33.0662 0x0de0 iaLPSSi_GPIO - ok 22:15:33.0667 0x0de0 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 22:15:33.0673 0x0de0 iaLPSSi_I2C - ok 22:15:33.0687 0x0de0 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 22:15:33.0703 0x0de0 iaStorAV - ok 22:15:33.0713 0x0de0 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 22:15:33.0728 0x0de0 iaStorV - ok 22:15:33.0733 0x0de0 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 22:15:33.0736 0x0de0 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 22:15:36.0268 0x0de0 Detect skipped due to KSN trusted 22:15:36.0268 0x0de0 IDriverT - ok 22:15:36.0273 0x0de0 IEEtwCollectorService - ok 22:15:36.0311 0x0de0 [ 57322EBB67A59FB64E228F31A84CA43D, 258DA26BDFAB635F145E55CF65CDFCFE4EB91454E3F930489E92810250EF9FD7 ] IKEEXT C:\WINDOWS\System32\ikeext.dll 22:15:36.0338 0x0de0 IKEEXT - ok 22:15:36.0416 0x0de0 [ CED0A902FF810DAB258D732EA6DDD23C, 30A1378F4B8F4B9D04BA9B6767C607BCC68357CC409C4EE555AD35C1DA6881EE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 22:15:36.0491 0x0de0 IntcAzAudAddService - ok 22:15:36.0500 0x0de0 [ 4E448FCFFD00E8D657CD9E48D3E47157, 
4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 22:15:36.0506 0x0de0 intelide - ok 22:15:36.0509 0x0de0 [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 22:15:36.0516 0x0de0 intelpep - ok 22:15:36.0520 0x0de0 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 22:15:36.0529 0x0de0 intelppm - ok 22:15:36.0533 0x0de0 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:15:36.0545 0x0de0 IpFilterDriver - ok 22:15:36.0564 0x0de0 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 22:15:36.0587 0x0de0 iphlpsvc - ok 22:15:36.0592 0x0de0 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 22:15:36.0600 0x0de0 IPMIDRV - ok 22:15:36.0605 0x0de0 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 22:15:36.0614 0x0de0 IPNAT - ok 22:15:36.0616 0x0de0 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys 22:15:36.0625 0x0de0 IRENUM - ok 22:15:36.0629 0x0de0 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 22:15:36.0635 0x0de0 isapnp - ok 22:15:36.0645 0x0de0 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 22:15:36.0657 0x0de0 
iScsiPrt - ok 22:15:36.0661 0x0de0 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 22:15:36.0668 0x0de0 kbdclass - ok 22:15:36.0671 0x0de0 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 22:15:36.0679 0x0de0 kbdhid - ok 22:15:36.0681 0x0de0 [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr C:\WINDOWS\system32\drivers\kbldfltr.sys 22:15:36.0687 0x0de0 kbldfltr - ok 22:15:36.0690 0x0de0 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 22:15:36.0698 0x0de0 kdnic - ok 22:15:36.0701 0x0de0 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe 22:15:36.0708 0x0de0 KeyIso - ok 22:15:36.0712 0x0de0 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 22:15:36.0720 0x0de0 KSecDD - ok 22:15:36.0726 0x0de0 [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 22:15:36.0735 0x0de0 KSecPkg - ok 22:15:36.0738 0x0de0 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 22:15:36.0746 0x0de0 ksthunk - ok 22:15:36.0754 0x0de0 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 22:15:36.0768 0x0de0 KtmRm - ok 22:15:36.0776 0x0de0 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer 
C:\WINDOWS\system32\srvsvc.dll 22:15:36.0789 0x0de0 LanmanServer - ok 22:15:36.0799 0x0de0 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 22:15:36.0812 0x0de0 LanmanWorkstation - ok 22:15:36.0824 0x0de0 [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll 22:15:36.0841 0x0de0 lfsvc - ok 22:15:36.0845 0x0de0 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys 22:15:36.0854 0x0de0 lltdio - ok 22:15:36.0862 0x0de0 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 22:15:36.0873 0x0de0 lltdsvc - ok 22:15:36.0877 0x0de0 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 22:15:36.0884 0x0de0 lmhosts - ok 22:15:36.0889 0x0de0 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 22:15:36.0897 0x0de0 LSI_SAS - ok 22:15:36.0901 0x0de0 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys 22:15:36.0909 0x0de0 LSI_SAS2 - ok 22:15:36.0913 0x0de0 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys 22:15:36.0920 0x0de0 LSI_SAS3 - ok 22:15:36.0923 0x0de0 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 22:15:36.0930 0x0de0 LSI_SSS - ok 22:15:36.0948 0x0de0 [ 9A7A7E45DAED2E8C2816716D8D28236A, 
C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll 22:15:36.0968 0x0de0 LSM - ok 22:15:36.0973 0x0de0 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys 22:15:36.0982 0x0de0 luafv - ok 22:15:36.0985 0x0de0 [ CF12E148C6FC151335B7D7FE03F1C7A2, 7087DF6D884AF0A57AC22D7AE9C2903913AAB4CE52D19666B6513C3D5706E43C ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 22:15:36.0990 0x0de0 MBAMProtector - ok 22:15:37.0101 0x0de0 [ 86701B8E4C53280AA8642AC85F8500F4, 6839F2B840410857AE7DA215A17922A7499A9B99D96032756525878E98175103 ] MBAMScheduler d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 22:15:37.0136 0x0de0 MBAMScheduler - ok 22:15:37.0199 0x0de0 [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 22:15:37.0226 0x0de0 MBAMService - ok 22:15:37.0234 0x0de0 [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 22:15:37.0241 0x0de0 MBAMSwissArmy - ok 22:15:37.0244 0x0de0 [ 7FD0FDFB97D80B21195273C4C3810FE1, E1072821AB338F45740DE6CF7BDB7C676CC67AB4BFC2ACF78773ABB424152D2C ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys 22:15:37.0249 0x0de0 MBAMWebAccessControl - ok 22:15:37.0253 0x0de0 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys 22:15:37.0260 0x0de0 megasas - ok 22:15:37.0272 0x0de0 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys 22:15:37.0290 0x0de0 megasr - ok 22:15:37.0294 0x0de0 [ A6518DCC42F7A6E999BB3BEA8FD87567, 
8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 22:15:37.0299 0x0de0 MEIx64 - ok 22:15:37.0301 0x0de0 [ 1595FECFFBE9EA2417E06D5FD0BFA4C4, 96006C7F19FDC1700EEBA870F96433D3260DEA06AD7215EAD8F1D74C953E1B50 ] MEMSWEEP2 C:\WINDOWS\system32\15E3.tmp 22:15:37.0304 0x0de0 MEMSWEEP2 - detected UnsignedFile.Multi.Generic ( 1 ) 22:15:39.0835 0x0de0 Detect skipped due to KSN trusted 22:15:39.0835 0x0de0 MEMSWEEP2 - ok 22:15:39.0845 0x0de0 Microsoft SharePoint Workspace Audit Service - ok 22:15:39.0852 0x0de0 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll 22:15:39.0869 0x0de0 MMCSS - ok 22:15:39.0876 0x0de0 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys 22:15:39.0886 0x0de0 Modem - ok 22:15:39.0890 0x0de0 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys 22:15:39.0898 0x0de0 monitor - ok 22:15:39.0901 0x0de0 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 22:15:39.0908 0x0de0 mouclass - ok 22:15:39.0912 0x0de0 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys 22:15:39.0919 0x0de0 mouhid - ok 22:15:39.0923 0x0de0 [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 22:15:39.0931 0x0de0 mountmgr - ok 22:15:39.0937 0x0de0 [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:15:39.0944 
0x0de0 MozillaMaintenance - ok
22:15:41.0894 0x0de0 [ 2977F7750EA2BECB3E623814D2C18800, A2FAE078FC18481C59D7D3B465D4E53756D85C1C49F6471D3840EEF49814EA19 ] RaMediaServer C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
22:15:41.0928 0x0de0 RaMediaServer - detected UnsignedFile.Multi.Generic ( 1 )
22:15:44.0459 0x0de0 Detect skipped due to KSN trusted
22:15:44.0459 0x0de0 RaMediaServer - ok
22:15:46.0987 0x0de0 [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 22:15:47.0002 0x0de0 USBHUB3 - ok 22:15:47.0006 0x0de0 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 22:15:47.0013 0x0de0 usbohci - ok 22:15:47.0016 0x0de0 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 22:15:47.0025 0x0de0 usbprint - ok 22:15:47.0028 0x0de0 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan C:\WINDOWS\System32\drivers\usbscan.sys 22:15:47.0035 0x0de0 usbscan - ok 22:15:47.0041 0x0de0 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 22:15:47.0050 0x0de0 USBSTOR - ok 22:15:47.0053 0x0de0 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 22:15:47.0060 0x0de0 usbuhci - ok 22:15:47.0070 0x0de0 [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 22:15:47.0082 0x0de0 USBXHCI - ok 22:15:47.0086 0x0de0 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe 22:15:47.0093 0x0de0 VaultSvc - ok 22:15:47.0096 0x0de0 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 22:15:47.0102 0x0de0 vdrvroot - ok 22:15:47.0127 0x0de0 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds 
C:\WINDOWS\System32\vds.exe 22:15:47.0157 0x0de0 vds - ok 22:15:47.0163 0x0de0 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 22:15:47.0172 0x0de0 VerifierExt - ok 22:15:47.0187 0x0de0 [ F6ECFD6128A16A4851CFE98D4E01B011, C349893E8D7FB9B510A3FAD040F70C3C72B0ACDD5F6EB336951849F9E953717D ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 22:15:47.0204 0x0de0 vhdmp - ok 22:15:47.0207 0x0de0 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys 22:15:47.0213 0x0de0 viaide - ok 22:15:47.0219 0x0de0 [ 3CE922E34DB12D9F3C0EA856BC09687C, E50A1885FBC775E49614989ECFEA4ACBBDDA16AF459CC5361EED9E23CC7CD42C ] Vid C:\WINDOWS\System32\drivers\Vid.sys 22:15:47.0230 0x0de0 Vid - ok 22:15:47.0234 0x0de0 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 22:15:47.0241 0x0de0 vmbus - ok 22:15:47.0244 0x0de0 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys 22:15:47.0250 0x0de0 VMBusHID - ok 22:15:47.0255 0x0de0 [ 68F8C26DEA2D42E8DEC0778943433C80, 81E8F9D62815F94952CEEABD0689473CC330F7890F66872DCD35A43C06ED33CD ] vmbusr C:\WINDOWS\System32\drivers\vmbusr.sys 22:15:47.0264 0x0de0 vmbusr - ok 22:15:47.0275 0x0de0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll 22:15:47.0290 0x0de0 vmicguestinterface - ok 22:15:47.0301 0x0de0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll 22:15:47.0316 0x0de0 vmicheartbeat - ok 22:15:47.0326 0x0de0 [ C42C38E15C0DC39D4B0BDF34F733E468, 
7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll 22:15:47.0341 0x0de0 vmickvpexchange - ok 22:15:47.0352 0x0de0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll 22:15:47.0367 0x0de0 vmicrdv - ok 22:15:47.0378 0x0de0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll 22:15:47.0393 0x0de0 vmicshutdown - ok 22:15:47.0404 0x0de0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll 22:15:47.0419 0x0de0 vmictimesync - ok 22:15:47.0431 0x0de0 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll 22:15:47.0446 0x0de0 vmicvss - ok 22:15:47.0451 0x0de0 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys 22:15:47.0458 0x0de0 volmgr - ok 22:15:47.0466 0x0de0 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys 22:15:47.0479 0x0de0 volmgrx - ok 22:15:47.0489 0x0de0 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 22:15:47.0501 0x0de0 volsnap - ok 22:15:47.0505 0x0de0 [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys 22:15:47.0512 0x0de0 vpci - ok 22:15:47.0516 0x0de0 [ ADBE96C33D1A5BB1BBAF90B4BC84F523, 6E9C9ED3D51E4B6E494D42ECA6F824AD86D676C12C39BBE6B8BD96366BCB02DA ] vpcivsp C:\WINDOWS\System32\drivers\vpcivsp.sys 22:15:47.0524 0x0de0 vpcivsp - ok 22:15:47.0529 0x0de0 [ 
4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 22:15:47.0538 0x0de0 vsmraid - ok 22:15:47.0565 0x0de0 [ 3B7F9612439EA47151EC5EAB232C1C3F, CA08CCB14CB46512F72E2C20454242B18BC57E34C55B42A37B7EC27B79242CDC ] VSS C:\WINDOWS\system32\vssvc.exe 22:15:47.0596 0x0de0 VSS - ok 22:15:47.0605 0x0de0 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 22:15:47.0617 0x0de0 VSTXRAID - ok 22:15:47.0622 0x0de0 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 22:15:47.0628 0x0de0 vwifibus - ok 22:15:47.0632 0x0de0 [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys 22:15:47.0640 0x0de0 vwififlt - ok 22:15:47.0643 0x0de0 [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys 22:15:47.0650 0x0de0 vwifimp - ok 22:15:47.0660 0x0de0 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll 22:15:47.0674 0x0de0 W32Time - ok 22:15:47.0678 0x0de0 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 22:15:47.0685 0x0de0 WacomPen - ok 22:15:47.0714 0x0de0 [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\WINDOWS\system32\wbengine.exe 22:15:47.0747 0x0de0 wbengine - ok 22:15:47.0760 0x0de0 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 22:15:47.0775 0x0de0 
WbioSrvc - ok 22:15:47.0784 0x0de0 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll 22:15:47.0798 0x0de0 Wcmsvc - ok 22:15:47.0808 0x0de0 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 22:15:47.0822 0x0de0 wcncsvc - ok 22:15:47.0827 0x0de0 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll 22:15:47.0834 0x0de0 WcsPlugInService - ok 22:15:47.0838 0x0de0 [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys 22:15:47.0844 0x0de0 WdBoot - ok 22:15:47.0861 0x0de0 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys 22:15:47.0880 0x0de0 Wdf01000 - ok 22:15:47.0888 0x0de0 [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys 22:15:47.0898 0x0de0 WdFilter - ok 22:15:47.0903 0x0de0 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll 22:15:47.0913 0x0de0 WdiServiceHost - ok 22:15:47.0916 0x0de0 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll 22:15:47.0926 0x0de0 WdiSystemHost - ok 22:15:47.0930 0x0de0 [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys 22:15:47.0938 0x0de0 WdNisDrv - ok 22:15:47.0940 0x0de0 WdNisSvc - ok 22:15:47.0947 0x0de0 [ 185E4111627F7AA6799E1366B5E91D65, 
7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient C:\WINDOWS\System32\webclnt.dll 22:15:47.0976 0x0de0 WebClient - ok 22:15:47.0982 0x0de0 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll 22:15:47.0993 0x0de0 Wecsvc - ok 22:15:47.0996 0x0de0 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll 22:15:48.0004 0x0de0 WEPHOSTSVC - ok 22:15:48.0008 0x0de0 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll 22:15:48.0020 0x0de0 wercplsupport - ok 22:15:48.0024 0x0de0 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll 22:15:48.0034 0x0de0 WerSvc - ok 22:15:48.0039 0x0de0 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys 22:15:48.0048 0x0de0 WFPLWFS - ok 22:15:48.0052 0x0de0 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll 22:15:48.0060 0x0de0 WiaRpc - ok 22:15:48.0063 0x0de0 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys 22:15:48.0069 0x0de0 WIMMount - ok 22:15:48.0071 0x0de0 WinDefend - ok 22:15:48.0089 0x0de0 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll 22:15:48.0110 0x0de0 WinHttpAutoProxySvc - ok 22:15:48.0122 0x0de0 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 
22:15:48.0133 0x0de0 Winmgmt - ok 22:15:48.0179 0x0de0 [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 22:15:48.0233 0x0de0 WinRM - ok 22:15:48.0242 0x0de0 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb C:\WINDOWS\System32\drivers\WinUsb.sys 22:15:48.0249 0x0de0 WinUsb - ok 22:15:48.0278 0x0de0 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll 22:15:48.0311 0x0de0 WlanSvc - ok 22:15:48.0343 0x0de0 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll 22:15:48.0377 0x0de0 wlidsvc - ok 22:15:48.0385 0x0de0 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys 22:15:48.0392 0x0de0 WmiAcpi - ok 22:15:48.0400 0x0de0 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe 22:15:48.0410 0x0de0 wmiApSrv - ok 22:15:48.0412 0x0de0 WMPNetworkSvc - ok 22:15:48.0418 0x0de0 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys 22:15:48.0427 0x0de0 Wof - ok 22:15:48.0459 0x0de0 [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll 22:15:48.0493 0x0de0 workfolderssvc - ok 22:15:48.0498 0x0de0 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys 22:15:48.0505 0x0de0 wpcfltr - ok 22:15:48.0508 0x0de0 [ 19F4DF69876DA7E9C4965351560FE6B7, 
127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll 22:15:48.0516 0x0de0 WPCSvc - ok 22:15:48.0521 0x0de0 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll 22:15:48.0530 0x0de0 WPDBusEnum - ok 22:15:48.0533 0x0de0 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys 22:15:48.0539 0x0de0 WpdUpFltr - ok 22:15:48.0542 0x0de0 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys 22:15:48.0551 0x0de0 ws2ifsl - ok 22:15:48.0556 0x0de0 [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\WINDOWS\System32\wscsvc.dll 22:15:48.0566 0x0de0 wscsvc - ok 22:15:48.0569 0x0de0 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys 22:15:48.0576 0x0de0 WSDPrintDevice - ok 22:15:48.0579 0x0de0 [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan C:\WINDOWS\system32\DRIVERS\WSDScan.sys 22:15:48.0587 0x0de0 WSDScan - ok 22:15:48.0589 0x0de0 WSearch - ok 22:15:48.0653 0x0de0 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll 22:15:48.0731 0x0de0 WSService - ok 22:15:48.0802 0x0de0 [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv C:\WINDOWS\system32\wuaueng.dll 22:15:48.0871 0x0de0 wuauserv - ok 22:15:48.0878 0x0de0 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys 
22:15:48.0886 0x0de0 WudfPf - ok 22:15:48.0895 0x0de0 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys 22:15:48.0906 0x0de0 WUDFRd - ok 22:15:48.0910 0x0de0 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll 22:15:48.0919 0x0de0 wudfsvc - ok 22:15:48.0925 0x0de0 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys 22:15:48.0934 0x0de0 WUDFWpdFs - ok 22:15:48.0940 0x0de0 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys 22:15:48.0949 0x0de0 WUDFWpdMtp - ok 22:15:48.0961 0x0de0 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll 22:15:48.0977 0x0de0 WwanSvc - ok 22:15:48.0985 0x0de0 ================ Scan global =============================== 22:15:48.0989 0x0de0 [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll 22:15:48.0995 0x0de0 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll 22:15:49.0001 0x0de0 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll 22:15:49.0011 0x0de0 [ 5BF02EBEFEDC706318C96E2E60EDCB91, DC866C5BC3A887CAAA7169AB9BB2992F6F877B3EA04B62B4F95B6BD54943155F ] C:\WINDOWS\system32\services.exe 22:15:49.0017 0x0de0 [ Global ] - ok 22:15:49.0018 0x0de0 ================ Scan MBR ================================== 22:15:49.0019 0x0de0 [ 45F8AED0147F100B69E8CC4CFF9C7192 ] \Device\Harddisk0\DR0 22:15:49.0439 0x0de0 \Device\Harddisk0\DR0 
- ok 22:15:49.0462 0x0de0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 22:15:49.0545 0x0de0 \Device\Harddisk1\DR1 - ok 22:15:49.0548 0x0de0 [ 012E24D18995E9D5E9DFD102C7896BB5 ] \Device\Harddisk2\DR2 22:15:49.0995 0x0de0 \Device\Harddisk2\DR2 - ok 22:15:49.0996 0x0de0 ================ Scan VBR ================================== 22:15:50.0000 0x0de0 [ 7D3756A30D12CBA8DB4D4C00A7A68D04 ] \Device\Harddisk0\DR0\Partition1 22:15:50.0001 0x0de0 \Device\Harddisk0\DR0\Partition1 - ok 22:15:50.0004 0x0de0 [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2 22:15:50.0004 0x0de0 \Device\Harddisk0\DR0\Partition2 - ok 22:15:50.0008 0x0de0 [ 1AFEB79992D09B35A1074715879C77C6 ] \Device\Harddisk0\DR0\Partition3 22:15:50.0009 0x0de0 \Device\Harddisk0\DR0\Partition3 - ok 22:15:50.0013 0x0de0 [ EE77BC8971B6DE0AED5F6AA5AA5FEC81 ] \Device\Harddisk0\DR0\Partition4 22:15:50.0015 0x0de0 \Device\Harddisk0\DR0\Partition4 - ok 22:15:50.0018 0x0de0 [ 2692A46ED4D92F896948BFB6F6D63EC4 ] \Device\Harddisk0\DR0\Partition5 22:15:50.0019 0x0de0 \Device\Harddisk0\DR0\Partition5 - ok 22:15:50.0021 0x0de0 [ 2CCC9D2F64086FF06A26D3E0103F8353 ] \Device\Harddisk0\DR0\Partition6 22:15:50.0022 0x0de0 \Device\Harddisk0\DR0\Partition6 - ok 22:15:50.0024 0x0de0 [ B5F17FBDCE0DD41D97D17CE3DF5976F7 ] \Device\Harddisk1\DR1\Partition1 22:15:50.0025 0x0de0 \Device\Harddisk1\DR1\Partition1 - ok 22:15:50.0027 0x0de0 [ F1AB2D1CD1AE3893CA47F0CCAE2BA72B ] \Device\Harddisk2\DR2\Partition1 22:15:50.0028 0x0de0 \Device\Harddisk2\DR2\Partition1 - ok 22:15:50.0029 0x0de0 ================ Scan generic autorun ====================== 22:15:50.0035 0x0de0 [ 690EB331346D7ADFDA18E50042DEA4B4, 0C219D7A5FCD4E0252C815373E67F843DBD7356FAE7AB836C451068B51438FE7 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe 22:15:50.0046 0x0de0 Classic Start Menu - ok 22:15:50.0090 0x0de0 [ 5B72629C8144D1A96490D4C090D28DA1, 114891B9E7E05D2B86C8E3CD7B4096088491E338C3B1902F9352D40B47DD418C ] C:\Program Files\Microsoft 
IntelliPoint\ipoint.exe 22:15:50.0132 0x0de0 IntelliPoint - ok 22:15:50.0144 0x0de0 [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe 22:15:50.0150 0x0de0 BCSSync - ok 22:15:50.0254 0x0de0 [ B8543627B4948BA9B19B8ED97777DF50, 0C66BA3DF09E73C6BC9CB2A07426BAFDC056FB99833C9312B8318B5FDBC1E941 ] D:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe 22:15:50.0278 0x0de0 WISO Mein Geld 2015 Professional .NET - ok 22:15:50.0303 0x0de0 [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe 22:15:50.0320 0x0de0 StartCCC - ok 22:15:50.0324 0x0de0 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe 22:15:50.0330 0x0de0 HP Software Update - ok 22:15:50.0337 0x0de0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Kay\AppData\Local\Google\Update\GoogleUpdate.exe 22:15:50.0342 0x0de0 Google Update - ok 22:15:50.0409 0x0de0 [ 6F142F0DE632B11D25E859550A228E9A, DEBA24995BE89FFFEC4230394C0A96E878C5946BA1B2B66CFCFCDEAB0F9E1151 ] C:\Users\Kay\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe 22:15:50.0474 0x0de0 Google+ Auto Backup - ok 22:15:50.0493 0x0de0 [ F32DC30C69DE1E1A7396E2F56AE3CCF5, 0C93F594719E1787CEDF34187B62940F28DC8C64E89B979053F987CF405C744E ] C:\Users\Kay\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe 22:15:50.0509 0x0de0 WEB.DE Application {sync-000021} - detected UnsignedFile.Multi.Generic ( 1 ) 22:15:53.0058 0x0de0 Detect skipped due to KSN trusted 22:15:53.0058 0x0de0 WEB.DE Application {sync-000021} - ok 22:15:53.0207 0x0de0 [ F679E30A5F7CE39F7FA134E61BD2D6D3, 84BD25FFF9C47AC5A00E225DCF03D82A79FE036E3B553D2D81254F2F1FC120A1 
] C:\Program Files\CCleaner\CCleaner64.exe 22:15:53.0331 0x0de0 CCleaner Monitoring - ok 22:15:53.0420 0x0de0 [ D6E2ED7F1F7BE7CCB8676491BF950B57, CBF07EE746F2C27ACC532E83ADC43FBE954DC3C598C4333F13B1A7615AEA9AD5 ] C:\Users\Kay\AppData\Local\Akamai\netsession_win.exe 22:15:53.0500 0x0de0 Akamai NetSession Interface - ok 22:15:53.0555 0x0de0 [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe 22:15:53.0601 0x0de0 HP Photosmart Plus B210 series (NET) - ok 22:15:53.0603 0x0de0 Waiting for KSN requests completion. In queue: 293 22:15:54.0604 0x0de0 Waiting for KSN requests completion. In queue: 293 22:15:55.0605 0x0de0 Waiting for KSN requests completion. In queue: 293 22:15:56.0624 0x0de0 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x61100 ( enabled : updated ) 22:15:56.0629 0x0de0 Win FW state via NFP2: enabled 22:15:59.0028 0x0de0 ============================================================ 22:15:59.0028 0x0de0 Scan finished 22:15:59.0028 0x0de0 ============================================================ 22:15:59.0039 0x1768 Detected object count: 0 22:15:59.0039 0x1768 Actual detected object count: 0 22:17:41.0770 0x140c Deinitialize success verrant |
28.04.2015, 14:07 | #4 |
/// the machine /// TB trainer | Re-infection with Malaha.net and various observations Please reset the router to factory settings and re-enter the connection data.
__________________ Regards, schrauber |
28.04.2015, 18:40 | #5 |
| Re-infection with Malaha.net and various observations Done. Best regards, verrant. Positive effect: all web pages now load completely. Before, there was one site that I always open where the progress circle never went away. Now this site, too, apparently loads completely. verrant Edit: The site I mentioned above now keeps spinning after all, whether I am logged in there or not. www.trojaner minus board.de keeps spinning as well. However, the wheel stops spinning once I have logged in to write a reply. No idea whether that means anything! End of edit. Regards, verrant |
29.04.2015, 08:38 | #6 |
/// the machine /// TB trainer | Re-infection with Malaha.net and various observations It must have been the router after all; that is the only explanation if you have the problems under Ubuntu as well. Have you reset the browsers? Please download Farbar's MiniToolBox to your desktop and start the tool. Tick the following entries |
29.04.2015, 11:32 | #7 |
| Re-infection with Malaha.net and various observations Code:
ATTFilter MiniToolBox by Farbar Version: 14-04-2015 Ran by Kay (administrator) on 29-04-2015 at 12:27:42 Running from "C:\Users\***\Downloads" Microsoft Windows 8.1 Pro (X64) Model: System Product Name Manufacturer: System manufacturer Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows-IP-Konfiguration Der DNS-Aufl�sungscache wurde geleert. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ D-Link DWA-125 Wireless N 150 USB Adapter(rev.A2) = WiFi (Connected) Realtek PCIe GBE Family Controller = Ethernet (Media disconnected) Bluetooth-Gerät (PAN) = Bluetooth-Netzwerkverbindung (Media disconnected) # ---------------------------------- # IPv4-Konfiguration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled set interface interface="LAN-Verbindung* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="ethernet_12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="ethernet_11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set 
interface interface="LAN-Verbindung* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="Bluetooth-Netzwerkverbindung" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="Bluetooth-Netzwerkverbindung 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="LAN-Verbindung* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled popd # Ende der IPv4-Konfiguration Windows-IP-Konfiguration Hostname . . . . . . . . . . . . : opqiwuer Prim�res DNS-Suffix . . . . . . . : Knotentyp . . . . . . . . . . . . : Hybrid IP-Routing aktiviert . . . . . . : Nein WINS-Proxy aktiviert . . . . . . : Nein DNS-Suffixsuchliste . . . . . . . : Speedport_W_921V_1_37_000 Drahtlos-LAN-Adapter LAN-Verbindung* 5: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Von Microsoft gehosteter, virtueller Netzwerkadapter Physische Adresse . . . . . . . . : 34-08-04-9A-AB-0A DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Ethernet-Adapter Bluetooth-Netzwerkverbindung: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Bluetooth-Ger�t (PAN) Physische Adresse . . . . . . . . : 00-26-83-16-C3-59 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Drahtlos-LAN-Adapter LAN-Verbindung* 4: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Virtueller Microsoft-Adapter f�r direktes WiFi Physische Adresse . . . . . . . . : 34-08-04-9A-AB-0B DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Drahtlos-LAN-Adapter WiFi: Verbindungsspezifisches DNS-Suffix: Speedport_W_921V_1_37_000 Beschreibung. . . . . . . . . . . 
: D-Link DWA-125 Wireless N 150 USB Adapter(rev.A2) Physische Adresse . . . . . . . . : 34-08-04-9A-AB-09 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja IPv6-Adresse. . . . . . . . . . . : 2003:58:a417:5420:a44b:f685:da62:e44d(Bevorzugt) Temporäre IPv6-Adresse. . . . . . : 2003:58:a417:5420:28dc:440b:b5e:bda0(Bevorzugt) Verbindungslokale IPv6-Adresse . : fe80::a44b:f685:da62:e44d%7(Bevorzugt) IPv4-Adresse . . . . . . . . . . : 192.168.2.106(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.255.0 Lease erhalten. . . . . . . . . . : Mittwoch, 29. April 2015 12:21:26 Lease läuft ab. . . . . . . . . . : Mittwoch, 20. Mai 2015 12:21:28 Standardgateway . . . . . . . . . : fe80::1%7 192.168.2.1 DHCP-Server . . . . . . . . . . . : 192.168.2.1 DHCPv6-IAID . . . . . . . . . . . : 238290948 DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1A-6F-34-18-F4-6D-04-9C-99-D9 DNS-Server . . . . . . . . . . . : fe80::1%7 192.168.2.1 NetBIOS über TCP/IP . . . . . . . : Aktiviert Ethernet-Adapter Ethernet: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Speedport_W_921V_1_37_000 Beschreibung. . . . . . . . . . . : Realtek PCIe GBE Family Controller Physische Adresse . . . . . . . . : F4-6D-04-9C-99-D9 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Tunneladapter LAN-Verbindung* 11: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja IPv6-Adresse. . . . . . . . . . . : 2001:0:9d38:6abd:1434:182f:3f57:fd95(Bevorzugt) Verbindungslokale IPv6-Adresse . : fe80::1434:182f:3f57:fd95%4(Bevorzugt) Standardgateway . . . . . . . . . : DHCPv6-IAID . . . . . . . . . . . : 117440512 DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1A-6F-34-18-F4-6D-04-9C-99-D9 NetBIOS über TCP/IP . . . . . . . 
: Deaktiviert Tunneladapter isatap.Speedport_W_921V_1_37_000: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Speedport_W_921V_1_37_000 Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2 Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja Server: UnKnown Address: fe80::1 Name: google.com Addresses: 2a00:1450:4001:80e::1001 173.194.116.166 173.194.116.174 173.194.116.169 173.194.116.165 173.194.116.163 173.194.116.161 173.194.116.164 173.194.116.162 173.194.116.160 173.194.116.167 173.194.116.168 Ping wird ausgeführt für google.com [2a00:1450:4001:80e::1001] mit 32 Bytes Daten: Zeitüberschreitung der Anforderung. Antwort von 2a00:1450:4001:80e::1001: Zeit=39ms Ping-Statistik für 2a00:1450:4001:80e::1001: Pakete: Gesendet = 2, Empfangen = 1, Verloren = 1 (50% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 39ms, Maximum = 39ms, Mittelwert = 39ms Server: UnKnown Address: fe80::1 Name: yahoo.com Addresses: 98.138.253.109 206.190.36.45 98.139.183.24 Ping wird ausgeführt für yahoo.com [98.138.253.109] mit 32 Bytes Daten: Antwort von 98.138.253.109: Bytes=32 Zeit=151ms TTL=52 Antwort von 98.138.253.109: Bytes=32 Zeit=150ms TTL=52 Ping-Statistik für 98.138.253.109: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 150ms, Maximum = 151ms, Mittelwert = 150ms Ping wird ausgeführt für 127.0.0.1 mit 32 Bytes Daten: Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Ping-Statistik für 127.0.0.1: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. 
Zeitangaben in Millisek.: Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms =========================================================================== Schnittstellenliste 13...34 08 04 9a ab 0a ......Von Microsoft gehosteter, virtueller Netzwerkadapter 10...00 26 83 16 c3 59 ......Bluetooth-Gerät (PAN) 8...34 08 04 9a ab 0b ......Virtueller Microsoft-Adapter für direktes WiFi 7...34 08 04 9a ab 09 ......D-Link DWA-125 Wireless N 150 USB Adapter(rev.A2) 3...f4 6d 04 9c 99 d9 ......Realtek PCIe GBE Family Controller 1...........................Software Loopback Interface 1 4...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 14...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2 =========================================================================== IPv4-Routentabelle =========================================================================== Aktive Routen: Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik 0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.106 30 127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306 127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306 127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306 192.168.2.0 255.255.255.0 Auf Verbindung 192.168.2.106 286 192.168.2.106 255.255.255.255 Auf Verbindung 192.168.2.106 286 192.168.2.255 255.255.255.255 Auf Verbindung 192.168.2.106 286 224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.2.106 286 255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.2.106 286 =========================================================================== Ständige Routen: Keine IPv6-Routentabelle =========================================================================== Aktive Routen: If Metrik Netzwerkziel Gateway 7 286 ::/0 fe80::1 1 306 ::1/128 Auf Verbindung 4 306 2001::/32 Auf Verbindung 4 306 2001:0:9d38:6abd:1434:182f:3f57:fd95/128 Auf Verbindung 7 286 2003:58:a417:5420::/64 Auf Verbindung 7 286 
2003:58:a417:5420:28dc:440b:b5e:bda0/128 Auf Verbindung 7 286 2003:58:a417:5420:a44b:f685:da62:e44d/128 Auf Verbindung 7 286 fe80::/64 Auf Verbindung 4 306 fe80::/64 Auf Verbindung 4 306 fe80::1434:182f:3f57:fd95/128 Auf Verbindung 7 286 fe80::a44b:f685:da62:e44d/128 Auf Verbindung 1 306 ff00::/8 Auf Verbindung 7 286 ff00::/8 Auf Verbindung 4 306 ff00::/8 Auf Verbindung =========================================================================== Ständige Routen: Keine ========================= Winsock entries ===================================== Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation) Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation) Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation) Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation) Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation) Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation) Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft 
Corporation) x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation) x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (04/28/2015 07:00:47 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "\\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/28/2015 06:45:32 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. 
(0x80070057) Error: (04/28/2015 06:02:55 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "\\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/28/2015 06:01:33 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/28/2015 05:17:24 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/28/2015 04:56:19 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/28/2015 02:09:34 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "\\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/28/2015 00:07:22 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/28/2015 00:07:20 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error: (04/27/2015 09:35:41 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005473b ID des fehlerhaften Prozesses: 0x1a7c Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Vollständiger Name des fehlerhaften Pakets: vlc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5 System errors: ============= Error: (04/29/2015 00:21:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/28/2015 08:45:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/28/2015 08:45:17 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 28.04.2015 um 20:35:21 unerwartet heruntergefahren. Error: (04/28/2015 07:30:34 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Der Windows-SChannel-Fehlerstatus lautet: 960. Error: (04/28/2015 06:35:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/28/2015 06:15:52 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. 
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Der Windows-SChannel-Fehlerstatus lautet: 960. Error: (04/28/2015 05:55:16 PM) (Source: Tcpip) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.2.104 mit dem Computer mit der Netzwerkhardwareadresse 00-1A-2B-9F-53-05 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (04/28/2015 04:45:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (04/28/2015 02:56:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (04/28/2015 11:52:31 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Microsoft Office Sessions: ========================= Error: (04/28/2015 07:00:47 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: \\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\Falscher Parameter. (0x80070057) Error: (04/28/2015 06:45:32 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: (H:)Falscher Parameter. (0x80070057) Error: (04/28/2015 06:02:55 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: \\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\Falscher Parameter. (0x80070057) Error: (04/28/2015 06:01:33 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: (H:)Falscher Parameter. (0x80070057) Error: (04/28/2015 05:17:24 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: (H:)Falscher Parameter. (0x80070057) Error: (04/28/2015 04:56:19 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: (H:)Falscher Parameter. (0x80070057) Error: (04/28/2015 02:09:34 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: \\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\Falscher Parameter. 
(0x80070057) Error: (04/28/2015 00:07:22 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: (H:)Falscher Parameter. (0x80070057) Error: (04/28/2015 00:07:20 PM) (Source: SideBySide)(User: ) Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1 Error: (04/27/2015 09:35:41 PM) (Source: Application Error)(User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.17736550f4336c0000005000000000005473b1a7c01d0811a065c3160d:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll9684402d-ed14-11e4-804e-c41c11f08afe CodeIntegrity Errors: =================================== Date: 2015-04-28 12:07:13.485 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-27 20:57:46.487 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-26 11:56:35.795 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2015-04-26 11:56:35.472 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-26 11:56:35.147 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-26 11:56:34.875 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-26 11:56:34.579 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-26 11:56:34.018 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. Date: 2015-04-25 12:34:01.659 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. 
Date: 2015-04-25 12:34:00.976 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements. „Der Herr der Ringe Online™“ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.) =========================== Installed Programs ============================ 7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Alcor Micro Generic Hub Filter Driver (HKLM-x32\...\AmUHubftr) (Version: 2.0.11.0 - Alcor Micro Corp.) Alcor Micro Generic Hub Filter Driver (x32 Version: 2.0.11.0 - Alcor Micro Corp.) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden AMD Accelerated Video Transcoding (Version: 13.30.100.41120 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2014.1120.2123.38423 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) Catalyst Control Center Graphics Previews Common (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Polish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Definition Update for Microsoft Office 2010 (KB2965299) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D1102BF0-0FBC-4344-BF90-95DA329C6D4A}) (Version: - Microsoft) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Double Action: Boogaloo (HKLM-x32\...\Steam App 317360) (Version: - Double Action Factory) Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment) DxO Optics Pro 7 (HKLM\...\{64579E10-6249-4BB1-B1D1-8EF55042DB45}) (Version: 7.5.5 - DxO Labs) Elite Dangerous Launcher version 0.4.2220.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.2220.0 - Frontier Developments) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.) 
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart Plus B210 series Hilfe (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - ) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass) LibreOffice 4.4.2.2 (HKLM-x32\...\{99A395EF-A310-40BB-B7A3-E3FF07CC38FC}) (Version: 4.4.2.2 - The Document Foundation) LOTRO Plugin Compendium (HKLM-x32\...\{3BF7818D-2482-4676-A237-915A11A97847}) (Version: 1.0.3 - Lunarwater) Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI 
(German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 
Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50903 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 
Version: 15.0.4701.1002 - Microsoft Corporation) Hidden PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications) Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.35.0 - Ralink) RawTherapee Version 4.1 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.1 - rawtherapee.com) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7383 - Realtek Semiconductor Corp.) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Sigils of Elohim (HKLM-x32\...\Steam App 321480) (Version: - Croteam) Ski Challenge 15 (HKCU\...\sc15-GAMETWIST_MAIN) (Version: - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
SPCA1528 PC Driver (HKLM-x32\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.4.0 - ) Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™) Spore: Creepy & Cute Parts Pack (HKLM-x32\...\Steam App 17440) (Version: - Maxis™) Spore: Galactic Adventures (HKLM-x32\...\Steam App 24720) (Version: - EA - Maxis) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster) Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{53FAC141-5C6B-4F97-ABC4-E635ABBC59E5}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{B929A12E-CC68-4C4F-854F-EFE15C61A780}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{B929A12E-CC68-4C4F-854F-EFE15C61A780}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{B929A12E-CC68-4C4F-854F-EFE15C61A780}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{530585A7-6AC9-4C29-81B7-D24A6CB031C8}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2881026) 
32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition 
(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{60C9499F-B532-4206-AB19-F88C3A7684D5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition 
(HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{74BC74BD-9032-4646-B248-F9F45E6D1326}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{53FDC948-3ABA-4BDE-BCEB-F1465C93D91C}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2956191) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{500A5B54-0498-45EA-9AB9-5BB61F984FDF}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2965235) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C5DA4AE-EE03-47F0-A77A-E747112EAAC6}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4B217615-025C-4FDB-B511-CA1174FF0F77}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4FC01585-0780-4BFF-B049-789081F52EAB}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{C4C319F9-25AE-4EF5-B3EB-1C1EE9AA520D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2956190) 32-Bit Edition 
(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6634BCE3-2F6D-4E7F-A02C-6F045FC1F075}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2881025) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8764EC2A-9F51-483B-9E00-82806B6A6909}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{30B9D112-E68C-461D-B370-6D0B6AD61AC6}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WEB.DE Club SmartFax (HKLM-x32\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH) WEB.DE Online-Speicher 1.11.4174.0 (HKCU\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version: - Buhl Data Service GmbH) WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden WISO Steuer-Sparbuch 2014 (HKCU\...\{E1438C8A-2806-4C22-89EE-5A4B24A91358}) (Version: 21.04.8571 - Buhl Data Service GmbH) XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version: - ) ========================= Memory info: =================================== Percentage of memory in use: 39% Total physical RAM: 8159.15 MB Available physical RAM: 4941.32 MB Total Pagefile: 16351.15 MB Available Pagefile: 12254.2 MB Total Virtual: 4095.88 MB Available 
Virtual: 3969.69 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:75.22 GB) (Free:16.72 GB) NTFS 2 Drive d: (Win) (Fixed) (Total:270.45 GB) (Free:46.25 GB) NTFS 3 Drive e: (Elements) (Fixed) (Total:465.64 GB) (Free:281.99 GB) FAT32 6 Drive h: () (Fixed) (Total:0.49 GB) (Free:0.48 GB) NTFS ========================= Users: ======================================== Benutzerkonten für \\OPQIWUER Administrator Gast *** Der Befehl wurde erfolgreich ausgeführt. ========================= Minidump Files ================================== No minidump file found **** End of log **** |
30.04.2015, 07:10 | #8 |
/// the machine /// TB Trainer | Re-infection with Malaha.net and various observations Looks good, but I would disable IPv6.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.05.2015, 12:01 | #9 |
| Re-infection with Malaha.net and various observations Good to hear, for a start. I have disabled IPv6. But I don't know what I am giving up by doing that. And I don't know the possible harmful effect at all. But... disabled. Best regards, verrant And now the real kicker: Malaha.net is still there. Best regards, verrant And one of my sites that is opened when Chrome starts does not finish loading, even though I am logged in. 1.5.15 13:00 h verrant |
02.05.2015, 07:56 | #10 |
/// the machine /// TB Trainer | Re-infection with Malaha.net and various observations Revo Uninstaller - Download - Filepony Use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de Then please post a fresh FRST log.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
03.05.2015, 13:45 | #11 |
| Re-infection with Malaha.net and various observations Hello Schrauber. Uninstall and "reset" of Chrome are done. Two questions, please: What do I do with the installation under Ubuntu? Sure, it is not your operating system. But should I rather ask in the relevant forums about a complete uninstall? Or "just" reset Chrome there? Somehow I am having difficulties with Java. Partly because NoScript settings prevent it from running, and partly I cannot explain why certain functions on the sites cannot be enabled. Am I making sense? For example, I cannot enable JavaScript in Firefox and Opera, but when I switch off NoScript for the Filepony site, I can apparently enable the function after all, in Firefox. As I said, somehow this confuses me. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015 Ran by *** (administrator) on *** on 02-05-2015 11:40:08 Running from C:\Users\***\Downloads Loaded Profiles: *** (Available profiles: ***) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (DEVGURU Co., LTD.) 
D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Akamai Technologies, Inc.) C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Akamai Technologies, Inc.) C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe (Farbar) C:\Users\***\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => D:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1120568 2015-04-01] (Buhl Data Service) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Google Update] => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-16] (Google Inc.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Google+ Auto Backup] => C:\Users\***\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.) 
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [WEB.DE Application {sync-000021}] => C:\Users\***\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [781312 2015-02-18] (1&1 Mail & Media GmbH) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Akamai NetSession Interface] => C:\Users\***\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [HP Photosmart Plus B210 series (NET)] => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-10-06] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-01-20] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2015-02-19] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-02] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-03-19] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 
Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program 
Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) CHR HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1888364831-2858631773-2981139133-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft 
Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> d:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-06] (LastPass) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-01] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> d:\Program Files (x86)\LastPass\LPToolbar.dll 
[2014-10-06] (LastPass) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-06] (LastPass) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-06] (LastPass) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet 
Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798 FF Homepage: hxxp://www.diesiedleronline.de/de/spielen FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-26] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin: @lastpass.com/NPLastPass -> d:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-06] (LastPass) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-26] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> d:\Program Files (x86)\LastPass\nplastpass.dll [2014-10-06] (LastPass) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-11] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-11] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-02] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @tools.google.com/Google Update;version=3 -> C:\Users\***\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) 
FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @tools.google.com/Google Update;version=9 -> C:\Users\***\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Extension: LastPass - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\support@lastpass.com [2015-03-31] FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-03-31] FF Extension: ProxMate - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2015-04-18] FF Extension: NoScript - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-31] FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-31] FF Extension: BetterPrivacy - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-03-31] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-21] Chrome: ======= CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02] CHR Extension: (Google 
Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02] CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-02] CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-02] CHR Extension: (Google Search) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-02] CHR Extension: (Google Sheets) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02] CHR Extension: (Bookmark Manager) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-02] CHR Extension: (Skype Click to Call) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-02] CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-02] CHR Extension: (Amazon) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-05-02] CHR Extension: (Gmail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02] CHR HKLM-x32\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files (x86)\pandasecuritytb\chrome-newtab-search.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] 
- C:\Users\***\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-02-15]

Opera:
=======
OPR Extension: (Ghostery) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2015-04-30]
OPR Extension: (NoFlash) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfkmglogfkpfekddlalobmhdbkjneejb [2015-04-30]
OPR Extension: (AdBlock for YouTube™) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgdogbijachehheddakopmfjahhgmmma [2015-04-30]
OPR Extension: (360 Internet Protection) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2015-04-30]
OPR Extension: (Browsec) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2015-04-30]
OPR Extension: (WOT) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-04-30]
OPR Extension: (NoScript Lite) - C:\Users\***\AppData\Roaming\Opera Software\Opera Stable\Extensions\ipiopppcaojnchgoepoemlbdccogeije [2015-04-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 ss_conn_service; D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 SophosVirusRemovalTool; D:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AmUHubftr; C:\Windows\System32\drivers\AmUHubftr.sys [25880 2013-12-20] (Alcor Micro, Corp.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [17792 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [533760 2008-12-17] (Digital Camera)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\WINDOWS\system32\15E3.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 11:39 - 2015-05-02 11:39 - 02101248 _____ (Farbar) C:\Users\***\Downloads\FRST64(1).exe 2015-05-02 11:27 - 2015-05-02 11:32 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-02 11:27 - 2015-05-02 11:32 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-02 11:27 - 2015-05-02 11:27 - 00880208 _____ (Google Inc.) C:\Users\***\Downloads\ChromeSetup.exe 2015-05-02 11:27 - 2015-05-02 11:27 - 00004094 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-02 11:27 - 2015-05-02 11:27 - 00003858 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-02 11:27 - 2015-05-02 11:27 - 00002271 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-02 11:27 - 2015-05-02 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-05-02 11:17 - 2015-05-02 11:17 - 00001284 _____ () C:\Users\***\Desktop\Revo Uninstaller.lnk 2015-05-02 11:17 - 2015-05-02 11:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-05-02 11:16 - 2015-05-02 11:16 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\***\Downloads\revosetup95.exe 2015-05-02 11:15 - 2015-05-02 11:15 - 00000012 _____ () C:\Users\***\Downloads\eyJpIjoiMTk2RDE0NDVFQS1GOEM3MzU2Mzc1IiwiZSI6MTQzMDUxMzQ1MiwidCI6ImRsIiwiaCI6Ijc4MzY3YWM4ZmJlNzMyYTAzNWQwYTQ4MjhlNzNhNmQ0YjlkMTk2NTkiLCJzIjoxfQ==.htm 2015-05-01 22:07 - 2015-05-01 22:07 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-05-01 22:06 - 2015-05-01 22:06 - 00562272 _____ (Oracle Corporation) C:\Users\***\Downloads\chromeinstall-8u45.exe 2015-05-01 21:58 - 2015-05-01 21:58 - 00007595 _____ () C:\Users\***\AppData\Local\Resmon.ResmonCfg 2015-04-30 19:35 - 2015-04-30 19:35 - 00000000 ____D () C:\Users\***\AppData\Roaming\Opera Software 2015-04-30 19:35 - 2015-04-30 19:35 - 00000000 ____D () C:\Users\***\AppData\Local\Opera Software 2015-04-30 19:34 - 2015-05-01 13:02 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-04-30 19:34 - 2015-04-30 19:34 - 00003838 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1430415296 2015-04-30 19:34 - 2015-04-30 19:34 - 00001151 _____ () C:\Users\Public\Desktop\Opera.lnk 2015-04-30 19:34 - 2015-04-30 19:34 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-04-30 19:30 - 2015-04-30 19:30 - 00683992 _____ (Opera Software) C:\Users\***\Downloads\Opera_NI_stable.exe 2015-04-29 15:32 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2015-04-29 15:32 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2015-04-29 15:32 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2015-04-29 15:32 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2015-04-29 15:32 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-04-29 12:30 - 2015-04-29 12:41 - 00051349 _____ () C:\Users\***\Desktop\Result.txt 2015-04-29 12:27 - 2015-04-29 12:27 - 00051388 _____ 
() C:\Users\***\Downloads\Result.txt 2015-04-29 12:26 - 2015-04-29 12:26 - 00402944 _____ (Farbar) C:\Users\***\Downloads\MiniToolBox.exe 2015-04-28 20:53 - 2015-04-28 20:53 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-04-27 22:23 - 2015-04-27 22:23 - 00070116 _____ () C:\Users\***\Desktop\tdss-rootkit.odt 2015-04-27 22:09 - 2015-04-27 22:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\***\Downloads\tdsskiller.exe 2015-04-27 21:51 - 2015-04-27 21:51 - 16502728 _____ (Malwarebytes Corp.) C:\Users\***\Downloads\mbar-1.09.1.1004 (1).exe 2015-04-27 20:37 - 2015-04-27 20:37 - 00380416 _____ () C:\Users\***\Downloads\helbumsc.exe 2015-04-27 20:36 - 2015-04-27 20:49 - 00057607 _____ () C:\Users\***\Desktop\FRST.txt 2015-04-27 20:36 - 2015-04-27 20:48 - 00054647 _____ () C:\Users\***\Desktop\Addition.txt 2015-04-27 20:35 - 2015-05-02 11:40 - 00028077 _____ () C:\Users\***\Downloads\FRST.txt 2015-04-27 20:35 - 2015-04-27 20:36 - 00054676 _____ () C:\Users\***\Downloads\Addition.txt 2015-04-27 20:34 - 2015-05-02 11:40 - 00000000 ____D () C:\FRST 2015-04-27 20:34 - 2015-04-27 20:34 - 02100736 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe 2015-04-27 20:34 - 2015-04-27 20:34 - 02100736 _____ (Farbar) C:\Users\***\Downloads\FRST64 (1).exe 2015-04-27 20:33 - 2015-04-27 20:33 - 00050477 _____ () C:\Users\***\Downloads\Defogger.exe 2015-04-27 20:33 - 2015-04-27 20:33 - 00000468 _____ () C:\Users\***\Downloads\defogger_disable.log 2015-04-26 20:17 - 2015-04-26 20:17 - 05008664 _____ (Adobe Systems Inc.) 
C:\Users\***\Downloads\Shockwave_Installer_Slim.exe 2015-04-26 20:17 - 2015-04-26 20:17 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2015-04-26 20:12 - 2015-04-26 20:12 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\***\Downloads\flashplayer17_ha_install (1).exe 2015-04-26 18:46 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-04-26 18:46 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-04-26 18:46 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-04-26 18:46 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-04-26 18:45 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-04-26 18:45 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-04-26 18:45 - 2015-03-14 04:03 - 04179968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-04-26 18:45 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-04-26 18:45 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-04-26 18:45 - 2015-03-13 04:59 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-04-26 18:45 - 2015-03-13 04:38 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-04-26 18:45 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-04-26 18:45 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-04-26 18:45 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-04-26 18:45 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 
2015-04-26 18:45 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2015-04-26 18:45 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-04-26 18:45 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-04-26 18:45 - 2015-02-13 04:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-04-26 18:45 - 2015-02-13 03:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-04-26 18:45 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-04-23 18:13 - 2015-04-23 18:13 - 00001484 _____ () C:\Users\Public\Desktop\LibreOffice 4.4.lnk 2015-04-23 18:13 - 2015-04-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4 2015-04-23 17:50 - 2015-04-23 17:59 - 224325632 _____ () C:\Users\***\Downloads\LibreOffice_4.4.2_Win_x86.msi 2015-04-23 17:45 - 2015-04-26 20:00 - 00000000 ____D () C:\Users\***\Documents\Meike 2015-04-21 19:26 - 2015-04-21 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-19 14:23 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2015-04-19 14:23 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2015-04-19 14:23 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll 2015-04-19 14:23 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll 2015-04-15 15:46 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-04-15 15:46 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-04-15 15:46 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2015-04-15 15:46 - 2015-03-23 23:58 - 
01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-04-15 15:46 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll 2015-04-15 15:46 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2015-04-15 15:46 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-04-15 15:46 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-04-15 15:46 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe 2015-04-15 15:46 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe 2015-04-15 15:46 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2015-04-15 15:46 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2015-04-15 15:46 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-04-15 15:46 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-04-15 15:46 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-04-15 15:46 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2015-04-15 15:46 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-04-15 15:46 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-04-15 15:46 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-04-15 15:46 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-04-15 15:46 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-04-15 15:46 - 2015-03-14 02:09 - 00200192 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-04-15 15:46 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-04-15 15:46 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-04-15 15:46 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-04-15 15:46 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-04-15 15:46 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-04-15 15:46 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-04-15 15:46 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-04-15 15:46 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-04-15 15:46 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-04-15 15:46 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-04-15 15:46 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-04-15 15:46 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-04-15 15:46 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-04-15 15:46 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-04-15 15:46 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-04-15 15:46 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-04-15 15:46 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-04-15 15:46 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\inetcomm.dll 2015-04-15 15:46 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-04-15 15:46 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-04-15 15:46 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-04-15 15:46 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-04-15 15:46 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-04-15 15:46 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-04-15 15:46 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-04-15 15:46 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-04-15 15:46 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-04-15 15:46 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-04-15 15:46 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-04-15 15:46 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-04-15 15:46 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-04-15 15:46 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-04-15 15:46 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-04-15 15:46 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-04-15 15:46 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2015-04-15 15:46 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 
2015-04-15 15:46 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2015-04-15 15:46 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2015-04-08 19:32 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-04-08 19:32 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 ____D () C:\Users\***\AppData\Roaming\WinRAR 2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-07 19:31 - 2010-10-17 17:46 - 00000000 ____D () C:\Users\***\Documents\Turbine 2015-04-07 19:31 - 2010-10-12 14:17 - 00000000 ____D () C:\Users\***\Documents\Betsiel 2015-04-07 19:30 - 2015-04-07 19:31 - 00000000 ____D () C:\Program Files\WinRAR 2015-04-07 19:30 - 2015-04-07 19:30 - 02058768 _____ () C:\Users\***\Downloads\winrar-x64-521d.exe 2015-04-07 19:29 - 2015-04-07 19:29 - 00029357 _____ () C:\Users\***\Downloads\FilterBag.rar 2015-04-07 17:52 - 2015-04-07 17:52 - 00000000 ____D () C:\Users\***\AppData\Local\PluginCompendium 2015-04-07 17:49 - 
2015-04-11 18:18 - 00003059 _____ () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plugin Compendium.lnk 2015-04-07 17:47 - 2015-04-07 17:47 - 01116025 _____ () C:\Users\***\Downloads\PluginCompendiumSetup-1.0.3.0.zip 2015-04-04 19:47 - 2015-04-04 19:47 - 00000000 ____D () C:\Users\***\AppData\Local\Chromium 2015-04-04 19:44 - 2015-04-08 19:53 - 00000000 ____D () C:\Users\***\AppData\Local\The Lord of the Rings Online 2015-04-04 17:05 - 2015-04-04 17:05 - 00281728 _____ () C:\WINDOWS\Minidump\040415-21484-01.dmp 2015-04-04 15:05 - 2015-04-04 15:05 - 00000000 ____D () C:\Users\***\AppData\Local\Akamai 2015-04-04 15:04 - 2015-04-04 18:27 - 00000000 ____D () C:\Users\***\AppData\Local\Turbine 2015-04-04 15:03 - 2015-04-12 14:44 - 00000000 ____D () C:\Users\***\Documents\The Lord of the Rings Online 2015-04-04 15:03 - 2015-04-04 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine 2015-04-04 15:02 - 2015-04-04 15:03 - 64386312 _____ (Turbine, Inc. ) C:\Users\***\Downloads\lotrolive.exe 2015-04-02 20:31 - 2015-04-02 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-04-02 19:14 - 2015-04-02 19:14 - 02210270 _____ () C:\Users\***\Downloads\wsusoffline954.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-02 11:35 - 2015-03-18 16:12 - 01972486 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-02 11:32 - 2014-01-20 21:52 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1888364831-2858631773-2981139133-1001 2015-05-02 11:31 - 2015-03-24 19:05 - 00000000 ____D () C:\Users\***\Desktop\Sicherheit 2015-05-02 11:31 - 2015-03-01 11:40 - 00000000 ____D () C:\Users\***\AppData\Roaming\ClassicShell 2015-05-02 11:27 - 2014-01-20 22:19 - 00000000 ____D () C:\Users\***\AppData\Local\Google 2015-05-02 11:27 - 2014-01-20 22:19 - 00000000 ____D () C:\Program Files (x86)\Google 2015-05-02 11:24 - 2014-10-26 16:05 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{687F2EEC-A316-484A-B958-97FEC835D3B2} 2015-05-02 11:20 - 2014-03-16 13:40 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001UA.job 2015-05-02 11:19 - 2013-11-14 09:26 - 01767420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-02 11:19 - 2013-11-14 09:11 - 00757720 _____ () C:\WINDOWS\system32\perfh007.dat 2015-05-02 11:19 - 2013-11-14 09:11 - 00155508 _____ () C:\WINDOWS\system32\perfc007.dat 2015-05-02 11:15 - 2014-02-20 14:54 - 00000000 ___DO () C:\Users\***\SkyDrive 2015-05-02 11:14 - 2015-03-27 15:36 - 00005467 _____ () C:\WINDOWS\setupact.log 2015-05-02 11:14 - 2015-03-24 18:45 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-05-02 11:14 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-01 22:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-01 22:07 - 2014-10-16 20:18 - 00000000 ____D () C:\Program Files (x86)\Java 2015-05-01 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-01 21:56 - 2015-01-22 20:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-05-01 20:42 - 2015-02-14 17:51 - 00000000 ____D () C:\Users\***\AppData\Local\CrashDumps 2015-05-01 
20:42 - 2014-05-07 19:37 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2015-05-01 20:20 - 2014-03-16 13:40 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001Core.job
2015-05-01 19:43 - 2014-03-22 16:30 - 00000000 ____D () C:\Users\***\Documents\WISO Mein Geld
2015-05-01 13:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-30 17:37 - 2014-12-11 18:06 - 00239104 ___SH () C:\Users\***\Documents\Thumbs.db
2015-04-30 16:45 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-29 15:32 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-28 21:05 - 2014-02-20 14:49 - 00000000 ____D () C:\Users\***
2015-04-27 22:23 - 2014-02-24 22:22 - 00368640 ___SH () C:\Users\***\Desktop\Thumbs.db
2015-04-27 22:12 - 2015-03-30 16:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-27 22:06 - 2015-03-24 18:45 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-27 21:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-26 20:14 - 2014-10-17 21:33 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2015-04-26 20:13 - 2015-01-22 20:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-26 18:56 - 2013-08-22 16:44 - 00549272 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-26 18:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-26 18:46 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-04-25 10:48 - 2015-03-12 15:20 - 00000000 ____D () C:\Users\***\AppData\Roaming\dvdcss
2015-04-23 19:51 - 2014-07-02 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-23 18:13 - 2014-03-27 13:46 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2015-04-16 20:43 - 2014-01-20 22:56 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2015-04-15 16:12 - 2014-05-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 16:12 - 2014-01-20 22:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 16:08 - 2014-01-20 22:10 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 16:07 - 2013-08-22 15:25 - 00000167 _____ () C:\WINDOWS\win.ini
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 18:18 - 2014-12-03 18:33 - 00000000 ____D () C:\Users\***\Desktop\Spiele
2015-04-09 18:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-09 17:34 - 2015-03-31 15:40 - 00004532 _____ () C:\WINDOWS\PFRO.log
2015-04-08 20:47 - 2014-04-04 17:44 - 00000000 ____D () C:\Users\***\AppData\Local\Battle.net
2015-04-08 19:32 - 2014-12-10 17:37 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-08 19:32 - 2014-07-15 16:13 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-08 19:29 - 2014-04-04 16:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 16:50 - 2015-02-14 11:57 - 00000000 ____D () C:\Users\***\AppData\Local\HP
2015-04-04 17:05 - 2015-03-27 20:50 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-04 16:08 - 2015-03-29 19:04 - 00016338 _____ () C:\Users\***\Desktop\Tai Chi Chuan – Yang Stile nach Ip Tai Tak.ods
2015-04-04 15:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 21:01 - 2015-02-23 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-04-02 21:01 - 2015-02-15 19:21 - 00000000 ____D () C:\Users\***\AppData\Roaming\Samsung
2015-04-02 21:01 - 2015-02-15 19:21 - 00000000 ____D () C:\Users\***\AppData\Local\Samsung
2015-04-02 21:01 - 2015-02-15 19:09 - 00000000 ____D () C:\ProgramData\Samsung
2015-04-02 20:48 - 2014-09-30 15:56 - 00000000 ____D () C:\Users\***\AppData\Local\Deployment
2015-04-02 20:48 - 2014-09-18 14:43 - 00000000 ____D () C:\Users\***\AppData\Local\Glyph
2015-04-02 20:48 - 2014-09-18 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph

==================== Files in the root of some directories =======

2014-01-20 23:03 - 2014-10-06 18:29 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-10-04 14:43 - 2014-10-04 14:43 - 0001285 _____ () C:\Users\***\AppData\Local\recently-used.xbel
2015-05-01 21:58 - 2015-05-01 21:58 - 0007595 _____ () C:\Users\***\AppData\Local\Resmon.ResmonCfg
2014-02-22 20:41 - 2014-02-22 20:41 - 0210145 _____ () C:\ProgramData\1393094319.bdinstall.bin
2015-03-21 14:06 - 2015-03-21 14:06 - 0037755 _____ () C:\ProgramData\1426939573.bdinstall.bin
2015-03-21 14:06 - 2015-03-21 14:06 - 0098733 _____ () C:\ProgramData\1426939582.bdinstall.bin
2015-02-14 11:57 - 2015-02-14 11:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-12 19:15 - 2015-02-12 19:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-06 16:41 - 2014-11-28 14:36 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\***\fbchathistory.dat

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\AFWOESQAP.exe
C:\Users\***\AppData\Local\Temp\FZYVGIVTUMMXC.exe
C:\Users\***\AppData\Local\Temp\HKUXA.exe
C:\Users\***\AppData\Local\Temp\KURBHFG.exe
C:\Users\***\AppData\Local\Temp\Quarantine.exe
C:\Users\***\AppData\Local\Temp\sqlite3.dll
C:\Users\***\AppData\Local\Temp\tmp5FCD.exe
C:\Users\***\AppData\Local\Temp\unrar.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-01 19:48

==================== End Of Log ============================

--- --- --- --- --- --- --- --- --- --- --- ---

Regards, verrant

Edit: I am currently trying to reset my password at LastPass. However, something is blocking the link that LastPass sent me: LoginFailedTryAgain. But I can no longer log in because I have forgotten the password. In addition, the computer still takes a very long time after shutting down before it actually switches off. I will time that in a moment and post the time here. Regards, verrant

It is about 60 - 70 sec. from the monitor message "No Signal" until the computer actually switches off. Regards, verrant

3.5.15 And today the WLAN connection dropped out. I had a connection and was listening to the radio. I came back and the connection was gone. I had to "forget" the connection and then set it up again. I have not changed anything in the connection settings myself. Regards, verrant

3.5.15 - 2: After closing Firefox, while deleting LSOs: Bluescreen - Bad_pool_header |
03.05.2015, 17:30 | #12 |
/// the machine /// TB Trainer | Re-infection with Malaha.net and various observations On Ubuntu, simply reset it. Is the browser problem resolved then? We will deal with the rest one thing at a time.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook Page No help via PM! |
04.05.2015, 13:55 | #13 |
| Re-infection with Malaha.net and various observations Hi. Reset Chrome on Ubuntu. Yesterday I still had an unwanted mouse-over effect on the site Pinterest.com. Whether Malaha.net is gone now remains to be seen. It did only show up irregularly, after all. Regards, verrant |
05.05.2015, 07:40 | #14 |
/// the machine /// TB Trainer | Re-infection with Malaha.net and various observations Then keep testing and report back
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook Page No help via PM! |
05.05.2015, 18:17 | #15 |
| Re-infection with Malaha.net and various observations It looks as if the Chrome problems are resolved. Regards, verrant |