
Log analysis and evaluation: DHL PDF opened in spam email

14.05.2015, 09:32   #1
OliverF
 



Hello,

unfortunately my wife opened the DHL spam mail, but she thinks she only opened the PDF. She probably did not open any link. At least she did not open a zip file or see a redirect.

Now I am not sure whether my PC has caught something. Now I need your help.
If I should take further steps, let me know.

Regards
Oliver


Attached is my log file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015
Ran by Oliver at 2015-05-14 10:26:07
Running from C:\Users\Oliver\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-718057176-2926429940-2907879898-500 - Administrator - Disabled)
Gast (S-1-5-21-718057176-2926429940-2907879898-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-718057176-2926429940-2907879898-1004 - Limited - Enabled)
Oliver (S-1-5-21-718057176-2926429940-2907879898-1001 - Administrator - Enabled) => C:\Users\Oliver

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AntiBrowserSpy (HKLM\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 157 - Abelssoft)
Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
COMPUTER BILD Account-Alarm (HKLM\...\{7B0F11E4-5EB1-4B31-96F8-BE8BF2A8ED10}) (Version: 1.0.5 - J3S)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
G Data InternetSecurity CBE (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Maxtor Manager (HKLM\...\{B8281D46-D846-4BB9-BC84-F1115A7BF820}) (Version: - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office Proof (German) 2007 (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office Word MUI (German) 2007 (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}) (Version: - )
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Should I Remove It (HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
WinSysClean X5 (HKLM\...\WinSysClean X5) (Version: 15.01 - Ultimate Systems, Inc.)
WinSysClean X5 (Version: 15.01 - Ultimate Systems, Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-718057176-2926429940-2907879898-1001_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-718057176-2926429940-2907879898-1001_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

==================== Restore Points =========================

03-05-2015 14:21:18 Windows Update
12-05-2015 06:40:51 Windows Update
13-05-2015 08:42:26 Windows Update
13-05-2015 12:38:50 Windows Update
13-05-2015 22:39:14 Wiederherstellungsvorgang
13-05-2015 23:58:58 Windows Update
14-05-2015 00:22:23 Removed Microsoft Silverlight
14-05-2015 10:11:04 Installed Adobe Acrobat Reader DC - Deutsch.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-12-24 16:49 - 00000901 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 google-analytics.com
127.0.0.1 www.google-analytics.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CEDF61B-AA14-4298-9F6A-DA4E57F448DA} - System32\Tasks\One-Click Optimizer => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe [2013-12-18] (Ashampoo Development GmbH & Co. KG)
Task: {1B8E4A6A-6775-4BC9-AEAF-D3DF12D60AB8} - System32\Tasks\Uninstaller_SkipUac_Oliver => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {1D67CF39-F5EF-47F8-BA42-C48FAC745C61} - System32\Tasks\{9224D4DE-06A8-4F07-9D99-6E92F960DFAB} => pcalua.exe -a C:\Users\Oliver\Downloads\32bit_Win7_Win8_Win81_R275.exe -d C:\Users\Oliver\Downloads
Task: {263C71CE-A879-4A42-A4CA-3B039F393762} - System32\Tasks\{08DA2242-ECA2-4BF7-A60E-C6CEAA6B5B5B} => pcalua.exe -a C:\Users\Oliver\Downloads\AVM_FRITZ!WLAN_Repeater_300E_Assistent.exe -d C:\Users\Oliver\Downloads
Task: {270BC545-E5FC-4838-95FE-08C837837FC8} - System32\Tasks\{16FB0CC5-3609-48E8-BDF6-A2ABD7F9547D} => pcalua.exe -a E:\Download\Install_CopyTrans_Suite_4.840.exe -d E:\Download
Task: {28328104-037F-41AE-A0EA-19097FEF9C58} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {28EF8E8E-8D10-4138-B290-CAC7A81D57E2} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: {386CF091-DFCD-4AF4-AD01-8F29861E93F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-15] (Adobe Systems Incorporated)
Task: {46435706-E1E0-49A9-A577-EDDA0B290543} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {66AE77B3-EE51-46BD-A9BD-C3BB1542C960} - System32\Tasks\{A8E07978-0681-4D81-A920-4D3426312CBC} => pcalua.exe -a C:\Users\Oliver\Downloads\BOM2148h_setup.exe -d C:\Users\Oliver\Downloads
Task: {6E2369D5-4824-477F-A849-D42D4B6B9FE0} - System32\Tasks\4806 => Wscript.exe C:\Users\Oliver\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6EBC5EAD-78E8-4BCB-9CC2-48F6A69DC424} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe
Task: {706C3242-EDAE-4D39-B851-9EC6E8138AB0} - System32\Tasks\Driver Booster Beta SkipUAC (Oliver) => C:\Program Files\IObit\Driver Booster Beta\DriverBooster.exe
Task: {70A49347-E50A-4171-B3B7-096990A91C36} - System32\Tasks\Driver Booster SkipUAC (Oliver) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {7A3521E2-8AF4-46D2-BC72-A3150FE7E40D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {83130278-4E39-483B-9A9E-8DEF5E0AE0DB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {9E0579C0-6057-463D-9B09-6FE75163A2A5} - System32\Tasks\Escolade => C:\Users\Oliver\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION
Task: {9F6D8B7B-2149-406A-8C57-B1FFFD1367C1} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe
Task: {B7688F4F-2139-473A-B37E-F0DF13456010} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C063BD16-F7C5-4E79-819D-1532A9DC770F} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
Task: {CF613440-9B9A-49D1-A5E3-8EF5E11999D3} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D9E55B95-9275-4150-9B43-0DC56DE59CDA} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe
Task: {DB4AF985-A6D7-4A43-823B-084572815ABA} - System32\Tasks\ASC7_SkipUac_Oliver => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
Task: {DD9AF356-EF47-4699-980F-613AAB155D66} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {ED9B752D-4BD5-4626-BE1E-4A573B727E01} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {FCA1D6AB-D348-495E-B143-F42D2D5D22F4} - System32\Tasks\{D30B4751-2BD0-416C-AED8-E87B74FBB794} => pcalua.exe -a C:\Users\Oliver\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\Oliver\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-16 11:05 - 2014-07-16 11:05 - 00710304 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2012-06-18 17:27 - 2012-06-18 17:27 - 00018432 _____ () C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
2014-09-09 14:28 - 2014-09-09 14:28 - 00014336 _____ () C:\Program Files\COMPUTER BILD Account-Alarm\BCrypt.Net.dll
2013-12-19 04:42 - 2013-12-19 04:42 - 00287864 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2015-02-15 16:10 - 2015-02-15 16:10 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1-se.com -> 1-se.com

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-718057176-2926429940-2907879898-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Biet-O-Matic.lnk => C:\Windows\pss\Biet-O-Matic.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Luffi.lnk => C:\Windows\pss\Luffi.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApnUpdater =>
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper =>
MSCONFIG\startupreg: cltmng.exe =>
MSCONFIG\startupreg: DataMgr => C:\Users\Oliver\AppData\Roaming\DataMgr\datamgr.exe
MSCONFIG\startupreg: DriverScanner =>
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mxomssmenu => "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
MSCONFIG\startupreg: Optimizer Pro =>
MSCONFIG\startupreg: Protector => wscript.exe "C:\Users\Oliver\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check
MSCONFIG\startupreg: QTTask.exe => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ROC_ROC_NT =>
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TU => "C:\Users\Oliver\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe"
MSCONFIG\startupreg: vProt =>
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Oliver\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{C1EC82B1-F378-453F-ABEA-A43C3DCA0BBE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1CD4FE37-7738-47E7-AD33-AA4301C7824D}] => (Allow) F:\fsetup.exe
FirewallRules: [{F5309D7E-8805-49AD-8D67-8E7A9D6D12F4}] => (Allow) F:\fsetup.exe
FirewallRules: [TCP Query User{CC84F6D1-2D58-43B3-BCC9-D52D2F5B37D0}C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe] => (Allow) C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe
FirewallRules: [UDP Query User{3B3CABDA-2DBB-46DA-9946-C29D8DA452E3}C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe] => (Allow) C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe
FirewallRules: [TCP Query User{C321F776-E9F4-4A01-B735-0DA8FD5E4DDE}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{28F56D56-1D5F-4147-839E-DC7ECEF5B313}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{D61A4A12-3507-480A-BB7B-AB13E85EF1A0}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9E8EC2B0-E8B7-4404-BDD6-43AF09BF51E4}] => (Allow) LPort=2869
FirewallRules: [{F549F5CA-13F4-46ED-A8A7-8E1130CEF264}] => (Allow) LPort=1900
FirewallRules: [{58128F19-7B44-4006-B470-C6EADF353067}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DF68EB53-FE68-4DF6-BD2A-9AFBC1949A38}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{CB7BAFD8-FDF6-4E5F-9841-BA95A4F9805A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8803B4E2-CC03-4100-9323-4445244DFA46}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{60847AD6-7016-4104-8745-2EDAE78FD144}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{89C6C598-165F-4B71-B86B-207802CD93F9}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{2542C334-B178-40BE-9A09-52611DC5AB5F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{72968E69-F61F-40F4-959A-558242577820}] => (Allow) LPort=80

==================== Faulty Device Manager Devices =============

Name: kl2
Description: kl2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: kl2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 10:14:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0x40000015
Fehleroffset: 0x0021c5a8
ID des fehlerhaften Prozesses: 0x17a8
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 10:14:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a1c7d
ID des fehlerhaften Prozesses: 0x1288
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 10:10:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a1c7d
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 00:09:00 AM) (Source: MsiInstaller) (EventID: 11500) (User: Oliver-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1500. Im Augenblick wird eine andere Installation ausgeführt. Sie müssen die Installation, die bereits ausgeführt wird, erst abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (05/14/2015 00:08:56 AM) (Source: MsiInstaller) (EventID: 11500) (User: Oliver-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1500. Im Augenblick wird eine andere Installation ausgeführt. Sie müssen die Installation, die bereits ausgeführt wird, erst abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (05/14/2015 00:08:53 AM) (Source: MsiInstaller) (EventID: 11500) (User: Oliver-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1500. Im Augenblick wird eine andere Installation ausgeführt. Sie müssen die Installation, die bereits ausgeführt wird, erst abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (05/13/2015 10:37:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00013216
ID des fehlerhaften Prozesses: 0x16e8
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3

Error: (05/13/2015 10:37:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00013216
ID des fehlerhaften Prozesses: 0x16e8
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3

Error: (05/13/2015 09:42:43 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: )
Description: Accepted Safe Mode action : Microsoft Office Excel.

Error: (05/13/2015 08:12:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SETUP.EXE_Microsoft Setup Bootstrapper, Version: 12.0.6606.1000, Zeitstempel: 0x4e26b0a2
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003bc21
ID des fehlerhaften Prozesses: 0x16b0
Startzeit der fehlerhaften Anwendung: 0xSETUP.EXE_Microsoft Setup Bootstrapper0
Pfad der fehlerhaften Anwendung: SETUP.EXE_Microsoft Setup Bootstrapper1
Pfad des fehlerhaften Moduls: SETUP.EXE_Microsoft Setup Bootstrapper2
Berichtskennung: SETUP.EXE_Microsoft Setup Bootstrapper3


System errors:
=============
Error: (05/14/2015 10:08:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
KL1
kl2
KLIF
KLIM6

Error: (05/14/2015 10:08:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/14/2015 10:08:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (05/14/2015 00:32:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
KL1
kl2
KLIF
KLIM6

Error: (05/14/2015 00:31:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/14/2015 00:31:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (05/14/2015 00:14:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software - Mai 2015 (KB890830)

Error: (05/14/2015 00:14:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Microsoft Office File Validation Add-in

Error: (05/14/2015 00:06:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80080005 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB3046002)

Error: (05/14/2015 00:06:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}


Microsoft Office Sessions:
=========================
Error: (05/13/2015 10:37:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8922 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/09/2013 06:13:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 669 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/02/2012 05:59:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1978 seconds with 720 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 620 Processor
Percentage of memory in use: 48%
Total physical RAM: 3326.3 MB
Available physical RAM: 1705.2 MB
Total Pagefile: 6650.91 MB
Available Pagefile: 4391.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.43 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:712.27 GB) (Free:452.44 GB) NTFS
Drive d: (Recover) (Fixed) (Total:13.7 GB) (Free:4.85 GB) NTFS
Drive e: (Förster - Persönliches Laufwerk) (Fixed) (Total:205.44 GB) (Free:73.08 GB) NTFS
Drive f: (COMPANY_MEN) (CDROM) (Total:6.79 GB) (Free:0 GB) UDF
Drive h: (Externes Laufwerk) (Fixed) (Total:698.64 GB) (Free:70.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=712.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=205.4 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 698.6 GB) (Disk ID: AC9CA11D)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

14.05.2015, 09:49   #2
schrauber
/// the machine
/// TB trainer
 




hi,

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.




FRST.txt is still missing.


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper

Please download TDSSKiller (TDSSKiller.exe) and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________

Alt 14.05.2015, 09:58   #3
OliverF
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015
Ran by Oliver at 2015-05-14 10:53:45
Running from C:\Users\Oliver\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-718057176-2926429940-2907879898-500 - Administrator - Disabled)
Gast (S-1-5-21-718057176-2926429940-2907879898-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-718057176-2926429940-2907879898-1004 - Limited - Enabled)
Oliver (S-1-5-21-718057176-2926429940-2907879898-1001 - Administrator - Enabled) => C:\Users\Oliver

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AntiBrowserSpy (HKLM\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 157 - Abelssoft)
Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
COMPUTER BILD Account-Alarm (HKLM\...\{7B0F11E4-5EB1-4B31-96F8-BE8BF2A8ED10}) (Version: 1.0.5 - J3S)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
G Data InternetSecurity CBE (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Maxtor Manager (HKLM\...\{B8281D46-D846-4BB9-BC84-F1115A7BF820}) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office Proof (German) 2007 (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version:  - )
Microsoft Office Word MUI (German) 2007 (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}) (Version:  - )
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}) (Version:  - )
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Should I Remove It (HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
WinSysClean X5 (HKLM\...\WinSysClean X5) (Version: 15.01 - Ultimate Systems, Inc.)
WinSysClean X5 (Version: 15.01 - Ultimate Systems, Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-718057176-2926429940-2907879898-1001_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-718057176-2926429940-2907879898-1001_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-05-2015 14:21:18 Windows Update
12-05-2015 06:40:51 Windows Update
13-05-2015 08:42:26 Windows Update
13-05-2015 12:38:50 Windows Update
13-05-2015 22:39:14 Wiederherstellungsvorgang
13-05-2015 23:58:58 Windows Update
14-05-2015 00:22:23 Removed Microsoft Silverlight
14-05-2015 10:11:04 Installed Adobe Acrobat Reader DC - Deutsch.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-12-24 16:49 - 00000901 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 google-analytics.com
127.0.0.1 www.google-analytics.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CEDF61B-AA14-4298-9F6A-DA4E57F448DA} - System32\Tasks\One-Click Optimizer => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe [2013-12-18] (Ashampoo Development GmbH & Co. KG)
Task: {1B8E4A6A-6775-4BC9-AEAF-D3DF12D60AB8} - System32\Tasks\Uninstaller_SkipUac_Oliver => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {1D67CF39-F5EF-47F8-BA42-C48FAC745C61} - System32\Tasks\{9224D4DE-06A8-4F07-9D99-6E92F960DFAB} => pcalua.exe -a C:\Users\Oliver\Downloads\32bit_Win7_Win8_Win81_R275.exe -d C:\Users\Oliver\Downloads
Task: {263C71CE-A879-4A42-A4CA-3B039F393762} - System32\Tasks\{08DA2242-ECA2-4BF7-A60E-C6CEAA6B5B5B} => pcalua.exe -a C:\Users\Oliver\Downloads\AVM_FRITZ!WLAN_Repeater_300E_Assistent.exe -d C:\Users\Oliver\Downloads
Task: {270BC545-E5FC-4838-95FE-08C837837FC8} - System32\Tasks\{16FB0CC5-3609-48E8-BDF6-A2ABD7F9547D} => pcalua.exe -a E:\Download\Install_CopyTrans_Suite_4.840.exe -d E:\Download
Task: {28328104-037F-41AE-A0EA-19097FEF9C58} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {28EF8E8E-8D10-4138-B290-CAC7A81D57E2} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: {386CF091-DFCD-4AF4-AD01-8F29861E93F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-15] (Adobe Systems Incorporated)
Task: {46435706-E1E0-49A9-A577-EDDA0B290543} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {66AE77B3-EE51-46BD-A9BD-C3BB1542C960} - System32\Tasks\{A8E07978-0681-4D81-A920-4D3426312CBC} => pcalua.exe -a C:\Users\Oliver\Downloads\BOM2148h_setup.exe -d C:\Users\Oliver\Downloads
Task: {6E2369D5-4824-477F-A849-D42D4B6B9FE0} - System32\Tasks\4806 => Wscript.exe C:\Users\Oliver\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6EBC5EAD-78E8-4BCB-9CC2-48F6A69DC424} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe
Task: {706C3242-EDAE-4D39-B851-9EC6E8138AB0} - System32\Tasks\Driver Booster Beta SkipUAC (Oliver) => C:\Program Files\IObit\Driver Booster Beta\DriverBooster.exe
Task: {70A49347-E50A-4171-B3B7-096990A91C36} - System32\Tasks\Driver Booster SkipUAC (Oliver) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {7A3521E2-8AF4-46D2-BC72-A3150FE7E40D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {83130278-4E39-483B-9A9E-8DEF5E0AE0DB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {9E0579C0-6057-463D-9B09-6FE75163A2A5} - System32\Tasks\Escolade => C:\Users\Oliver\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION
Task: {9F6D8B7B-2149-406A-8C57-B1FFFD1367C1} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe
Task: {B7688F4F-2139-473A-B37E-F0DF13456010} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C063BD16-F7C5-4E79-819D-1532A9DC770F} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
Task: {CF613440-9B9A-49D1-A5E3-8EF5E11999D3} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {D9E55B95-9275-4150-9B43-0DC56DE59CDA} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe
Task: {DB4AF985-A6D7-4A43-823B-084572815ABA} - System32\Tasks\ASC7_SkipUac_Oliver => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
Task: {DD9AF356-EF47-4699-980F-613AAB155D66} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {ED9B752D-4BD5-4626-BE1E-4A573B727E01} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {FCA1D6AB-D348-495E-B143-F42D2D5D22F4} - System32\Tasks\{D30B4751-2BD0-416C-AED8-E87B74FBB794} => pcalua.exe -a C:\Users\Oliver\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\Oliver\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-16 11:05 - 2014-07-16 11:05 - 00710304 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2012-06-18 17:27 - 2012-06-18 17:27 - 00018432 _____ () C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
2014-09-09 14:28 - 2014-09-09 14:28 - 00014336 _____ () C:\Program Files\COMPUTER BILD Account-Alarm\BCrypt.Net.dll
2013-12-19 04:42 - 2013-12-19 04:42 - 00287864 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2015-02-15 16:10 - 2015-02-15 16:10 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-718057176-2926429940-2907879898-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Biet-O-Matic.lnk => C:\Windows\pss\Biet-O-Matic.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Luffi.lnk => C:\Windows\pss\Luffi.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApnUpdater => 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => 
MSCONFIG\startupreg: cltmng.exe => 
MSCONFIG\startupreg: DataMgr => C:\Users\Oliver\AppData\Roaming\DataMgr\datamgr.exe
MSCONFIG\startupreg: DriverScanner => 
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mxomssmenu => "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
MSCONFIG\startupreg: Optimizer Pro => 
MSCONFIG\startupreg: Protector => wscript.exe "C:\Users\Oliver\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check
MSCONFIG\startupreg: QTTask.exe => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ROC_ROC_NT => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TU => "C:\Users\Oliver\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe"
MSCONFIG\startupreg: vProt => 
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Oliver\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{C1EC82B1-F378-453F-ABEA-A43C3DCA0BBE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1CD4FE37-7738-47E7-AD33-AA4301C7824D}] => (Allow) F:\fsetup.exe
FirewallRules: [{F5309D7E-8805-49AD-8D67-8E7A9D6D12F4}] => (Allow) F:\fsetup.exe
FirewallRules: [TCP Query User{CC84F6D1-2D58-43B3-BCC9-D52D2F5B37D0}C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe] => (Allow) C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe
FirewallRules: [UDP Query User{3B3CABDA-2DBB-46DA-9946-C29D8DA452E3}C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe] => (Allow) C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe
FirewallRules: [TCP Query User{C321F776-E9F4-4A01-B735-0DA8FD5E4DDE}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{28F56D56-1D5F-4147-839E-DC7ECEF5B313}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{D61A4A12-3507-480A-BB7B-AB13E85EF1A0}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9E8EC2B0-E8B7-4404-BDD6-43AF09BF51E4}] => (Allow) LPort=2869
FirewallRules: [{F549F5CA-13F4-46ED-A8A7-8E1130CEF264}] => (Allow) LPort=1900
FirewallRules: [{58128F19-7B44-4006-B470-C6EADF353067}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DF68EB53-FE68-4DF6-BD2A-9AFBC1949A38}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{CB7BAFD8-FDF6-4E5F-9841-BA95A4F9805A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8803B4E2-CC03-4100-9323-4445244DFA46}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{60847AD6-7016-4104-8745-2EDAE78FD144}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{89C6C598-165F-4B71-B86B-207802CD93F9}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{2542C334-B178-40BE-9A09-52611DC5AB5F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{72968E69-F61F-40F4-959A-558242577820}] => (Allow) LPort=80

==================== Faulty Device Manager Devices =============

Name: kl2
Description: kl2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: kl2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 10:45:52 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (05/14/2015 10:14:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0x40000015
Fehleroffset: 0x0021c5a8
ID des fehlerhaften Prozesses: 0x17a8
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 10:14:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a1c7d
ID des fehlerhaften Prozesses: 0x1288
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 10:10:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a1c7d
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 00:09:00 AM) (Source: MsiInstaller) (EventID: 11500) (User: Oliver-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1500. Im Augenblick wird eine andere Installation ausgeführt. Sie müssen die Installation, die bereits ausgeführt wird, erst abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (05/14/2015 00:08:56 AM) (Source: MsiInstaller) (EventID: 11500) (User: Oliver-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1500. Im Augenblick wird eine andere Installation ausgeführt. Sie müssen die Installation, die bereits ausgeführt wird, erst abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (05/14/2015 00:08:53 AM) (Source: MsiInstaller) (EventID: 11500) (User: Oliver-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1500. Im Augenblick wird eine andere Installation ausgeführt. Sie müssen die Installation, die bereits ausgeführt wird, erst abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (05/13/2015 10:37:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00013216
ID des fehlerhaften Prozesses: 0x16e8
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3

Error: (05/13/2015 10:37:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00013216
ID des fehlerhaften Prozesses: 0x16e8
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3

Error: (05/13/2015 09:42:43 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: )
Description: Accepted Safe Mode action : Microsoft Office Excel.


System errors:
=============
Error: (05/14/2015 10:08:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
KL1
kl2
KLIF
KLIM6

Error: (05/14/2015 10:08:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/14/2015 10:08:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (05/14/2015 00:32:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
KL1
kl2
KLIF
KLIM6

Error: (05/14/2015 00:31:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/14/2015 00:31:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (05/14/2015 00:14:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software - Mai 2015 (KB890830)

Error: (05/14/2015 00:14:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Microsoft Office File Validation Add-in

Error: (05/14/2015 00:06:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80080005 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB3046002)

Error: (05/14/2015 00:06:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}


Microsoft Office Sessions:
=========================
Error: (05/13/2015 10:37:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8922 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/09/2013 06:13:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 669 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/02/2012 05:59:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1978 seconds with 720 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 620 Processor
Percentage of memory in use: 48%
Total physical RAM: 3326.3 MB
Available physical RAM: 1718.57 MB
Total Pagefile: 6650.91 MB
Available Pagefile: 4439.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.77 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:712.27 GB) (Free:452.64 GB) NTFS
Drive d: (Recover) (Fixed) (Total:13.7 GB) (Free:4.85 GB) NTFS
Drive e: (Förster - Persönliches Laufwerk) (Fixed) (Total:205.44 GB) (Free:73.08 GB) NTFS
Drive f: (COMPANY_MEN) (CDROM) (Total:6.79 GB) (Free:0 GB) UDF
Drive h: (Externes Laufwerk) (Fixed) (Total:698.64 GB) (Free:70.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=712.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=205.4 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 698.6 GB) (Disk ID: AC9CA11D)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


The FRST.txt editor opens but is empty.
What should I do?

Regards,
Oliver
         
__________________

Alt 14.05.2015, 20:49   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Run FRST again. And then also run TDSSKiller as described above.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 15.05.2015, 09:25   #5
OliverF
 

FRST log



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015
Ran by Oliver (administrator) on OLIVER-PC on 15-05-2015 10:14:23
Running from C:\Users\Oliver\Downloads
Loaded Profiles: Oliver (Available profiles: Oliver)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
(J3S GmbH) C:\Program Files\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(OptionNV) C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(Seagate Technology LLC) C:\Program Files\Maxtor\Sync\SyncServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Kaspersky Lab ZAO) C:\Users\Oliver\Downloads\tdsskiller.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Hewlett Packard) C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
(Farbar) C:\Users\Oliver\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe,
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2059264 2014-09-09] (J3S GmbH)
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-07-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-718057176-2926429940-2907879898-1001 - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} -  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {A8116A5D-97E8-4D4E-9A8A-1726CB1D138B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-718057176-2926429940-2907879898-1001 -> {762EBE14-9072-4023-AA94-CEFD06BF3C89} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-10-18] (IObit)
BHO: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-30] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-30] (Oracle Corporation)
Toolbar: HKLM - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} -  No File
Toolbar: HKU\S-1-5-21-718057176-2926429940-2907879898-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-30] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\searchplugins\google-images.xml [2014-12-07]
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\searchplugins\google-maps.xml [2014-12-07]
FF Extension: No Name - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-07-01]
FF Extension: Movie2kDownloader - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: Bitdefender QuickScan - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-14]
FF Extension: No Name - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\Extensions\cliqz@cliqz.com.xpi [2014-12-07]
FF HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-03]

Chrome: 
=======
CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [cgfambohdeocadlemmdceabhlgccijal] - C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\CHROME\ColorZillaStats.crx [2012-06-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG)
R2 ColorZillaStatsUpdater; C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe [18432 2012-06-18] () [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 GtDetectSc; C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [545792 2009-05-04] (OptionNV) [File not signed]
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP) [File not signed]
R2 Maxtor Sync Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2014-11-30] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2014-11-30] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2014-11-30] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-11-30] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-05-13] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2014-11-30] (G Data Software AG)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-10-03] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvdo.sys [189392 2014-05-12] (Miray)
R3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2014-03-29] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2012-11-04] () [File not signed]
S3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [20352 2007-03-26] (Sierra Wireless Inc.) [File not signed]
U3 DfSdkS; No ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S0 KL1; system32\DRIVERS\kl1.sys [X]
S1 kl2; system32\DRIVERS\kl2.sys [X]
S1 KLIF; system32\DRIVERS\klif.sys [X]
S1 KLIM6; system32\DRIVERS\klim6.sys [X]
S3 klmouflt; system32\DRIVERS\klmouflt.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [X]
S3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 08:58 - 2015-05-15 08:58 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Oliver\Downloads\tdsskiller.exe
2015-05-14 17:53 - 2015-05-14 17:53 - 02721175 _____ (Thisisu) C:\Users\Oliver\Downloads\JRT.exe
2015-05-14 17:44 - 2015-05-14 17:49 - 00000000 ____D () C:\AdwCleaner
2015-05-14 17:43 - 2015-05-14 17:43 - 02209792 _____ () C:\Users\Oliver\Downloads\AdwCleaner_4.204.exe
2015-05-14 10:48 - 2015-05-14 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 10:47 - 2015-05-14 10:52 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar
2015-05-14 10:47 - 2015-05-14 10:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Oliver\Downloads\mbar-1.09.1.1004.exe
2015-05-14 10:41 - 2015-05-14 10:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oliver\Downloads\revosetup95.exe
2015-05-14 10:20 - 2015-05-14 10:20 - 00000000 _____ () C:\Users\Oliver\Downloads\FRST.txt
2015-05-14 10:17 - 2015-05-15 09:00 - 00028705 _____ () C:\Users\Oliver\Downloads\Addition.txt
2015-05-14 10:15 - 2015-05-15 10:14 - 00015295 _____ () C:\Users\Oliver\Downloads\FRST.txt.txt
2015-05-14 10:13 - 2015-05-15 10:14 - 00000000 ____D () C:\FRST
2015-05-14 10:13 - 2015-05-14 10:13 - 01144320 _____ (Farbar) C:\Users\Oliver\Downloads\FRST(1).exe
2015-05-14 10:13 - 2015-05-14 10:13 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-14 10:13 - 2015-05-14 10:13 - 00002029 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-14 10:10 - 2015-05-14 17:39 - 00000000 ____D () C:\Program Files\WinSysClean X5
2015-05-14 10:10 - 2015-05-14 10:10 - 00000946 _____ () C:\Users\Public\Desktop\WinSysClean X5.lnk
2015-05-14 10:10 - 2015-05-14 10:10 - 00000000 __HDC () C:\ProgramData\{7AD360CC-1D61-4011-83BE-B257782BA5CB}
2015-05-14 10:10 - 2015-05-14 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Systems
2015-05-14 00:29 - 2015-05-14 17:37 - 00200134 _____ () C:\Windows\PFRO.log
2015-05-14 00:18 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:15 - 2015-05-14 00:16 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\QuickScan
2015-05-14 00:12 - 2015-05-14 00:12 - 50811104 _____ (Microsoft Corporation) C:\Users\Oliver\Downloads\Windows-KB890830-V5.24.exe
2015-05-14 00:09 - 2015-05-14 00:09 - 01203488 _____ () C:\Users\Oliver\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-05-14 00:03 - 2015-05-14 00:03 - 00079470 _____ () C:\Maleware.txt
2015-05-13 23:43 - 2015-05-13 23:43 - 50629792 _____ (Adobe Systems Incorporated) C:\Users\Oliver\Downloads\AcroRdrDC1500720033_de_DE.exe
2015-05-13 23:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 23:39 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 23:39 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 23:39 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 23:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 23:39 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 23:39 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 23:39 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 23:39 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 23:39 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 23:39 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 23:39 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 23:39 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 23:38 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 23:38 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 23:38 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 23:38 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 23:38 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 23:38 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 23:38 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 23:38 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 23:38 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 23:38 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 23:38 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 23:38 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 23:38 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 23:38 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 23:38 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 23:38 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 23:38 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 23:38 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 23:38 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 23:38 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 23:38 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 23:38 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 23:38 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 23:38 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 23:38 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 23:38 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 23:38 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 23:38 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 23:38 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 23:38 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 23:38 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 23:38 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 23:38 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 23:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 23:33 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 23:33 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 23:28 - 2015-05-13 23:28 - 00015192 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-05-13 23:27 - 2015-05-13 23:27 - 00029528 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-05-13 23:25 - 2015-05-14 10:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 23:24 - 2015-05-14 10:47 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-13 23:24 - 2015-05-13 23:24 - 00387960 _____ () C:\Users\Oliver\Downloads\spybot-2.4_CB-DL-Manager.exe
2015-05-13 23:24 - 2015-05-13 23:24 - 00001080 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-13 23:24 - 2015-05-13 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-13 23:24 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-13 23:24 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-13 23:22 - 2015-05-13 23:23 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-08 06:55 - 2015-05-08 06:55 - 00144216 _____ () C:\Windows\Minidump\050815-34757-01.dmp
2015-05-07 17:23 - 2015-05-07 17:23 - 00000000 _____ () C:\Windows\Minidump\050715-37284-01.dmp
2015-05-03 12:14 - 2015-05-03 12:14 - 64660408 _____ (DVDVideoSoft Ltd. ) C:\Users\Oliver\Downloads\FreeStudio(1).exe
2015-05-03 12:08 - 2015-05-03 12:08 - 00001283 _____ () C:\Users\Oliver\Desktop\Free YouTube to MP3 Converter Installation fortsetzen.lnk
2015-05-03 11:53 - 2015-05-03 11:53 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-03 11:53 - 2015-05-03 11:53 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-17 18:47 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-17 18:47 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-17 18:47 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-17 18:47 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-17 18:47 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-17 18:47 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-17 18:47 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-17 18:47 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-17 18:47 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-17 18:47 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-17 18:47 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-17 18:47 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-17 18:47 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-17 18:47 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-17 18:47 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-17 18:45 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 18:45 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-17 18:45 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 09:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-15 09:00 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-15 09:00 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-15 08:58 - 2012-06-24 00:24 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 08:55 - 2015-03-01 11:36 - 01491502 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 08:51 - 2015-03-01 12:33 - 00002688 _____ () C:\Windows\setupact.log
2015-05-15 08:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 17:39 - 2013-05-25 18:42 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps
2015-05-14 11:16 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 10:45 - 2014-11-30 12:25 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Adobe
2015-05-14 10:45 - 2012-06-24 16:16 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Adobe
2015-05-14 10:41 - 2013-08-14 16:00 - 00001244 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk
2015-05-14 10:20 - 2012-06-24 11:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 10:13 - 2012-11-25 22:15 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-14 10:13 - 2012-11-25 22:15 - 00000000 ____D () C:\Program Files\Adobe
2015-05-14 10:12 - 2012-06-24 08:01 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-14 00:32 - 2014-12-21 14:39 - 03917872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 00:30 - 2012-07-28 17:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 00:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-13 23:24 - 2014-11-30 11:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-13 22:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-05-13 22:45 - 2012-06-24 00:20 - 00000000 ____D () C:\Users\Oliver
2015-05-13 22:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-05-13 22:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-13 09:02 - 2014-12-10 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 06:40 - 2014-12-06 12:16 - 00000400 _____ () C:\Windows\Tasks\One-Click Optimizer.job
2015-05-08 06:55 - 2015-03-27 10:51 - 270438553 _____ () C:\Windows\MEMORY.DMP
2015-05-08 06:55 - 2014-03-25 10:08 - 00000000 ____D () C:\Windows\Minidump
2015-05-04 15:59 - 2014-08-17 18:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-03 12:39 - 2012-10-28 19:49 - 00742912 ___SH () C:\Users\Oliver\Downloads\Thumbs.db
2015-05-03 12:16 - 2014-11-30 12:34 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\DVDVideoSoft
2015-05-03 12:16 - 2014-08-03 16:07 - 00001213 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-05-03 12:16 - 2014-08-03 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-05-03 12:16 - 2014-08-03 16:06 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-05-03 12:16 - 2013-06-30 12:35 - 00002316 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-05-03 12:15 - 2014-08-03 16:06 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-05-03 11:53 - 2015-02-15 14:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-03 11:37 - 2013-08-04 10:59 - 00000000 ____D () C:\Program Files\AntiBrowserSpy
2015-05-03 11:36 - 2015-02-15 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy
2015-05-03 11:36 - 2012-06-24 08:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Abelssoft
2015-05-03 11:36 - 2012-06-24 00:29 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Mozilla
2015-04-30 10:07 - 2012-06-24 08:23 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-23 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-17 19:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2013-05-29 15:04 - 2013-06-16 14:30 - 8334304 _____ (WindSolutions) C:\Program Files\CopyTransManager.exe
2012-01-05 18:39 - 2013-06-16 14:30 - 0012943 _____ () C:\Program Files\License Agreement.rtf
2014-11-30 13:12 - 2014-11-30 13:12 - 0000000 _____ () C:\Users\Oliver\AppData\Roaming\gdfw.log
2014-11-30 13:12 - 2014-11-30 13:12 - 0000779 _____ () C:\Users\Oliver\AppData\Roaming\gdscan.log
2012-09-30 21:24 - 2012-10-28 15:08 - 0010752 _____ () C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-08 09:40 - 2013-03-08 09:40 - 0000017 _____ () C:\Users\Oliver\AppData\Local\resmon.resmoncfg
2012-06-24 07:54 - 2012-06-24 07:54 - 0017408 _____ () C:\Users\Oliver\AppData\Local\WebpageIcons.db
2012-09-23 10:48 - 2012-09-23 10:48 - 0000045 _____ () C:\ProgramData\.SimImages
2014-03-29 11:01 - 2014-03-29 11:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Oliver\ashampoo_burning_studio_2013_11.0.6_12630.exe
C:\Users\Oliver\x-mp4-to-dvd-converter.exe


Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\ICReinstall_FreeYouTubeToMP3Converter_3.12.31.325.exe
C:\Users\Oliver\AppData\Local\Temp\Quarantine.exe
C:\Users\Oliver\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 18:42

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015
Ran by Oliver at 2015-05-15 10:14:48
Running from C:\Users\Oliver\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-718057176-2926429940-2907879898-500 - Administrator - Disabled)
Gast (S-1-5-21-718057176-2926429940-2907879898-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-718057176-2926429940-2907879898-1004 - Limited - Enabled)
Oliver (S-1-5-21-718057176-2926429940-2907879898-1001 - Administrator - Enabled) => C:\Users\Oliver

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AntiBrowserSpy (HKLM\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 157 - Abelssoft)
Ashampoo WinOptimizer 2014 v.1.0.0 (HKLM\...\{4209F371-99CD-68CB-1C29-9910F8F9BD96}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
COMPUTER BILD Account-Alarm (HKLM\...\{7B0F11E4-5EB1-4B31-96F8-BE8BF2A8ED10}) (Version: 1.0.5 - J3S)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
G Data InternetSecurity CBE (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Maxtor Manager (HKLM\...\{B8281D46-D846-4BB9-BC84-F1115A7BF820}) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office Proof (German) 2007 (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version:  - )
Microsoft Office Word MUI (German) 2007 (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}) (Version:  - )
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}) (Version:  - )
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Should I Remove It (HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
WinSysClean X5 (HKLM\...\WinSysClean X5) (Version: 15.01 - Ultimate Systems, Inc.)
WinSysClean X5 (Version: 15.01 - Ultimate Systems, Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-718057176-2926429940-2907879898-1001_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-718057176-2926429940-2907879898-1001_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-05-2015 14:21:18 Windows Update
12-05-2015 06:40:51 Windows Update
13-05-2015 08:42:26 Windows Update
13-05-2015 12:38:50 Windows Update
13-05-2015 22:39:14 Wiederherstellungsvorgang
13-05-2015 23:58:58 Windows Update
14-05-2015 00:22:23 Removed Microsoft Silverlight
14-05-2015 10:11:04 Installed Adobe Acrobat Reader DC - Deutsch.
14-05-2015 11:15:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-12-24 16:49 - 00000901 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 google-analytics.com
127.0.0.1 www.google-analytics.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CEDF61B-AA14-4298-9F6A-DA4E57F448DA} - System32\Tasks\One-Click Optimizer => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe [2013-12-18] (Ashampoo Development GmbH & Co. KG)
Task: {1B8E4A6A-6775-4BC9-AEAF-D3DF12D60AB8} - System32\Tasks\Uninstaller_SkipUac_Oliver => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {1D67CF39-F5EF-47F8-BA42-C48FAC745C61} - System32\Tasks\{9224D4DE-06A8-4F07-9D99-6E92F960DFAB} => pcalua.exe -a C:\Users\Oliver\Downloads\32bit_Win7_Win8_Win81_R275.exe -d C:\Users\Oliver\Downloads
Task: {263C71CE-A879-4A42-A4CA-3B039F393762} - System32\Tasks\{08DA2242-ECA2-4BF7-A60E-C6CEAA6B5B5B} => pcalua.exe -a C:\Users\Oliver\Downloads\AVM_FRITZ!WLAN_Repeater_300E_Assistent.exe -d C:\Users\Oliver\Downloads
Task: {270BC545-E5FC-4838-95FE-08C837837FC8} - System32\Tasks\{16FB0CC5-3609-48E8-BDF6-A2ABD7F9547D} => pcalua.exe -a E:\Download\Install_CopyTrans_Suite_4.840.exe -d E:\Download
Task: {28328104-037F-41AE-A0EA-19097FEF9C58} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {28EF8E8E-8D10-4138-B290-CAC7A81D57E2} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: {386CF091-DFCD-4AF4-AD01-8F29861E93F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-15] (Adobe Systems Incorporated)
Task: {46435706-E1E0-49A9-A577-EDDA0B290543} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {66AE77B3-EE51-46BD-A9BD-C3BB1542C960} - System32\Tasks\{A8E07978-0681-4D81-A920-4D3426312CBC} => pcalua.exe -a C:\Users\Oliver\Downloads\BOM2148h_setup.exe -d C:\Users\Oliver\Downloads
Task: {6E2369D5-4824-477F-A849-D42D4B6B9FE0} - System32\Tasks\4806 => Wscript.exe C:\Users\Oliver\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6EBC5EAD-78E8-4BCB-9CC2-48F6A69DC424} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe
Task: {706C3242-EDAE-4D39-B851-9EC6E8138AB0} - System32\Tasks\Driver Booster Beta SkipUAC (Oliver) => C:\Program Files\IObit\Driver Booster Beta\DriverBooster.exe
Task: {70A49347-E50A-4171-B3B7-096990A91C36} - System32\Tasks\Driver Booster SkipUAC (Oliver) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {7A3521E2-8AF4-46D2-BC72-A3150FE7E40D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {83130278-4E39-483B-9A9E-8DEF5E0AE0DB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {9F6D8B7B-2149-406A-8C57-B1FFFD1367C1} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe
Task: {B7688F4F-2139-473A-B37E-F0DF13456010} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C063BD16-F7C5-4E79-819D-1532A9DC770F} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
Task: {CF613440-9B9A-49D1-A5E3-8EF5E11999D3} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {D9E55B95-9275-4150-9B43-0DC56DE59CDA} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe
Task: {DB4AF985-A6D7-4A43-823B-084572815ABA} - System32\Tasks\ASC7_SkipUac_Oliver => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
Task: {DD9AF356-EF47-4699-980F-613AAB155D66} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {ED9B752D-4BD5-4626-BE1E-4A573B727E01} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {FCA1D6AB-D348-495E-B143-F42D2D5D22F4} - System32\Tasks\{D30B4751-2BD0-416C-AED8-E87B74FBB794} => pcalua.exe -a C:\Users\Oliver\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\Oliver\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-16 11:05 - 2014-07-16 11:05 - 00710304 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2012-06-18 17:27 - 2012-06-18 17:27 - 00018432 _____ () C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
2014-09-09 14:28 - 2014-09-09 14:28 - 00014336 _____ () C:\Program Files\COMPUTER BILD Account-Alarm\BCrypt.Net.dll
2013-12-19 04:42 - 2013-12-19 04:42 - 00287864 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-718057176-2926429940-2907879898-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Biet-O-Matic.lnk => C:\Windows\pss\Biet-O-Matic.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Luffi.lnk => C:\Windows\pss\Luffi.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => 
MSCONFIG\startupreg: cltmng.exe => 
MSCONFIG\startupreg: DataMgr => C:\Users\Oliver\AppData\Roaming\DataMgr\datamgr.exe
MSCONFIG\startupreg: DriverScanner => 
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: mxomssmenu => "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
MSCONFIG\startupreg: Protector => wscript.exe "C:\Users\Oliver\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check
MSCONFIG\startupreg: QTTask.exe => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ROC_ROC_NT => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TU => "C:\Users\Oliver\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe"
MSCONFIG\startupreg: vProt => 
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Oliver\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{C1EC82B1-F378-453F-ABEA-A43C3DCA0BBE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1CD4FE37-7738-47E7-AD33-AA4301C7824D}] => (Allow) F:\fsetup.exe
FirewallRules: [{F5309D7E-8805-49AD-8D67-8E7A9D6D12F4}] => (Allow) F:\fsetup.exe
FirewallRules: [TCP Query User{CC84F6D1-2D58-43B3-BCC9-D52D2F5B37D0}C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe] => (Allow) C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe
FirewallRules: [UDP Query User{3B3CABDA-2DBB-46DA-9946-C29D8DA452E3}C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe] => (Allow) C:\program files\antibrowserspy\antibrowserspy-ie-socialblock.exe
FirewallRules: [TCP Query User{C321F776-E9F4-4A01-B735-0DA8FD5E4DDE}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{28F56D56-1D5F-4147-839E-DC7ECEF5B313}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{D61A4A12-3507-480A-BB7B-AB13E85EF1A0}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9E8EC2B0-E8B7-4404-BDD6-43AF09BF51E4}] => (Allow) LPort=2869
FirewallRules: [{F549F5CA-13F4-46ED-A8A7-8E1130CEF264}] => (Allow) LPort=1900
FirewallRules: [{58128F19-7B44-4006-B470-C6EADF353067}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DF68EB53-FE68-4DF6-BD2A-9AFBC1949A38}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{CB7BAFD8-FDF6-4E5F-9841-BA95A4F9805A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8803B4E2-CC03-4100-9323-4445244DFA46}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{60847AD6-7016-4104-8745-2EDAE78FD144}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{89C6C598-165F-4B71-B86B-207802CD93F9}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{2542C334-B178-40BE-9A09-52611DC5AB5F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{72968E69-F61F-40F4-959A-558242577820}] => (Allow) LPort=80

==================== Faulty Device Manager Devices =============

Name: kl2
Description: kl2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: kl2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 06:02:37 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: )
Description: Accepted Safe Mode action : Microsoft Office Excel.

Error: (05/14/2015 05:39:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a1c7d
ID des fehlerhaften Prozesses: 0x1188
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 10:45:52 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (05/14/2015 10:14:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0x40000015
Fehleroffset: 0x0021c5a8
ID des fehlerhaften Prozesses: 0x17a8
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 10:14:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a1c7d
ID des fehlerhaften Prozesses: 0x1288
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 10:10:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Name des fehlerhaften Moduls: WinSysClean.exe, Version: 15.0.1.560, Zeitstempel: 0x52cad7bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a1c7d
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xWinSysClean.exe0
Pfad der fehlerhaften Anwendung: WinSysClean.exe1
Pfad des fehlerhaften Moduls: WinSysClean.exe2
Berichtskennung: WinSysClean.exe3

Error: (05/14/2015 00:09:00 AM) (Source: MsiInstaller) (EventID: 11500) (User: Oliver-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1500. Im Augenblick wird eine andere Installation ausgeführt. Sie müssen die Installation, die bereits ausgeführt wird, erst abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (05/14/2015 00:08:56 AM) (Source: MsiInstaller) (EventID: 11500) (User: Oliver-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1500. Im Augenblick wird eine andere Installation ausgeführt. Sie müssen die Installation, die bereits ausgeführt wird, erst abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (05/14/2015 00:08:53 AM) (Source: MsiInstaller) (EventID: 11500) (User: Oliver-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch -- Fehler 1500. Im Augenblick wird eine andere Installation ausgeführt. Sie müssen die Installation, die bereits ausgeführt wird, erst abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (05/13/2015 10:37:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00013216
ID des fehlerhaften Prozesses: 0x16e8
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3


System errors:
=============
Error: (05/15/2015 08:52:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
KL1
kl2
KLIF
KLIM6

Error: (05/15/2015 08:52:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/15/2015 08:52:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (05/14/2015 06:02:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
KL1
kl2
KLIF
KLIM6

Error: (05/14/2015 06:02:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/14/2015 06:02:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (05/14/2015 06:01:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎05.‎2015 um 17:55:17 unerwartet heruntergefahren.

Error: (05/14/2015 05:52:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
KL1
kl2
KLIF
KLIM6

Error: (05/14/2015 05:52:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/14/2015 05:52:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.


Microsoft Office Sessions:
=========================
Error: (05/13/2015 10:37:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8922 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/09/2013 06:13:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 669 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/02/2012 05:59:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1978 seconds with 720 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 620 Processor
Percentage of memory in use: 42%
Total physical RAM: 3326.3 MB
Available physical RAM: 1906.03 MB
Total Pagefile: 6650.91 MB
Available Pagefile: 4537.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.77 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:712.27 GB) (Free:451.54 GB) NTFS
Drive d: (Recover) (Fixed) (Total:13.7 GB) (Free:4.85 GB) NTFS
Drive e: (Förster - Persönliches Laufwerk) (Fixed) (Total:205.44 GB) (Free:73.08 GB) NTFS
Drive h: (Externes Laufwerk) (Fixed) (Total:698.64 GB) (Free:70.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=712.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=205.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


15.05.2015, 09:32   #6
OliverF

DHL PDF opened in spam email

TDSS log file, part 1:



Code:
08:58:57.0890 0x133c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:59:02.0390 0x133c  ============================================================
08:59:02.0390 0x133c  Current date / time: 2015/05/15 08:59:02.0390
08:59:02.0390 0x133c  SystemInfo:
08:59:02.0390 0x133c  
08:59:02.0390 0x133c  OS Version: 6.1.7601 ServicePack: 1.0
08:59:02.0390 0x133c  Product type: Workstation
08:59:02.0390 0x133c  ComputerName: OLIVER-PC
08:59:02.0390 0x133c  UserName: Oliver
08:59:02.0390 0x133c  Windows directory: C:\Windows
08:59:02.0390 0x133c  System windows directory: C:\Windows
08:59:02.0390 0x133c  Processor architecture: Intel x86
08:59:02.0390 0x133c  Number of processors: 4
08:59:02.0390 0x133c  Page size: 0x1000
08:59:02.0390 0x133c  Boot type: Normal boot
08:59:02.0390 0x133c  ============================================================
08:59:06.0730 0x133c  KLMD registered as C:\Windows\system32\drivers\65710961.sys
08:59:07.0028 0x133c  System UUID: {5ADE8385-E51C-5499-EE17-F390E102FB21}
08:59:07.0710 0x133c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:59:07.0741 0x133c  Drive \Device\Harddisk4\DR4 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:59:07.0757 0x133c  ============================================================
08:59:07.0757 0x133c  \Device\Harddisk0\DR0:
08:59:07.0758 0x133c  MBR partitions:
08:59:07.0758 0x133c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:59:07.0758 0x133c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5908B0C2
08:59:07.0758 0x133c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x590BD8C2, BlocksNum 0x1B64BFC
08:59:07.0758 0x133c  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x5AC224BE, BlocksNum 0x19AE3503
08:59:07.0758 0x133c  \Device\Harddisk4\DR4:
08:59:07.0759 0x133c  MBR partitions:
08:59:07.0759 0x133c  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
08:59:07.0759 0x133c  ============================================================
08:59:07.0771 0x133c  H: <-> \Device\Harddisk4\DR4\Partition1
08:59:07.0803 0x133c  C: <-> \Device\Harddisk0\DR0\Partition2
08:59:07.0845 0x133c  D: <-> \Device\Harddisk0\DR0\Partition3
08:59:07.0860 0x133c  E: <-> \Device\Harddisk0\DR0\Partition4
08:59:07.0861 0x133c  ============================================================
08:59:07.0861 0x133c  Initialize success
08:59:07.0861 0x133c  ============================================================
08:59:11.0101 0x13c8  ============================================================
08:59:11.0101 0x13c8  Scan started
08:59:11.0101 0x13c8  Mode: Manual; 
08:59:11.0101 0x13c8  ============================================================
08:59:11.0101 0x13c8  KSN ping started
08:59:39.0147 0x13c8  KSN ping finished: false
08:59:40.0848 0x13c8  ================ Scan system memory ========================
08:59:40.0848 0x13c8  Scan was interrupted by user!
08:59:40.0948 0x13c8  AV detected via SS2: G Data InternetSecurity CBE, C:\Program Files\G Data\InternetSecurity\AVK\avkwscpe.exe ( 25.0.0.0 ), 0x41000 ( enabled : updated )
08:59:40.0948 0x13c8  FW detected via SS2: G Data Personal Firewall, C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe ( 22.0.0.1 ), 0x41010 ( enabled )
09:00:00.0949 0x13c8  ============================================================
09:00:00.0949 0x13c8  Scan finished
09:00:00.0949 0x13c8  ============================================================
09:00:00.0969 0x1368  Detected object count: 0
09:00:00.0969 0x1368  Actual detected object count: 0
09:01:26.0968 0x1780  ============================================================
09:01:26.0968 0x1780  Scan started
09:01:26.0968 0x1780  Mode: Manual; 
09:01:26.0968 0x1780  ============================================================
09:01:26.0968 0x1780  KSN ping started
09:01:55.0031 0x1780  KSN ping finished: false
09:01:55.0641 0x1780  ================ Scan system memory ========================
09:01:55.0641 0x1780  System memory - ok
09:01:55.0641 0x1780  ================ Scan services =============================
09:01:55.0761 0x1780  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:01:55.0771 0x1780  1394ohci - ok
09:01:55.0812 0x1780  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:01:55.0822 0x1780  ACPI - ok
09:01:55.0852 0x1780  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:01:55.0852 0x1780  AcpiPmi - ok
09:01:55.0952 0x1780  [ 929593D76589294BA3F74540298D1B3E, 3D1C1772579141BD1040363BD65F2A2D78BF42EC85AE96317AE397E3D5267145 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:01:55.0962 0x1780  AdobeARMservice - ok
09:01:56.0072 0x1780  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:01:56.0082 0x1780  AdobeFlashPlayerUpdateSvc - ok
09:01:56.0132 0x1780  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
09:01:56.0142 0x1780  adp94xx - ok
09:01:56.0172 0x1780  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
09:01:56.0172 0x1780  adpahci - ok
09:01:56.0182 0x1780  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
09:01:56.0192 0x1780  adpu320 - ok
09:01:56.0222 0x1780  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:01:56.0222 0x1780  AeLookupSvc - ok
09:01:56.0282 0x1780  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
09:01:56.0292 0x1780  AFD - ok
09:01:56.0312 0x1780  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
09:01:56.0312 0x1780  agp440 - ok
09:01:56.0322 0x1780  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
09:01:56.0332 0x1780  aic78xx - ok
09:01:56.0362 0x1780  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
09:01:56.0362 0x1780  ALG - ok
09:01:56.0402 0x1780  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:01:56.0402 0x1780  aliide - ok
09:01:56.0462 0x1780  [ 90EC928E9542B166583D865F99F85BE8, F484697A6D0FE6E1DC7CAE3D21BEC8041D45111109E887FE6754817ADFCF6DDA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:01:56.0482 0x1780  AMD External Events Utility - ok
09:01:56.0502 0x1780  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:01:56.0512 0x1780  amdagp - ok
09:01:56.0532 0x1780  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:01:56.0532 0x1780  amdide - ok
09:01:56.0552 0x1780  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:01:56.0552 0x1780  AmdK8 - ok
09:01:56.0982 0x1780  [ D4EF00B622EBEBEF85AB53C51A509A14, AFDFF78D61D1495BD51197CF26EB34F77871DA0A13E9056DE3776C9364FBC9A9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:01:57.0272 0x1780  amdkmdag - ok
09:01:57.0332 0x1780  [ 0A536B713BF916E62A14D48B0C1739A3, 425184896AD276AD45822655ADEC9EC499A9574E5815426AD6231029B46DD194 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:01:57.0342 0x1780  amdkmdap - ok
09:01:57.0372 0x1780  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:01:57.0372 0x1780  AmdPPM - ok
09:01:57.0432 0x1780  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:01:57.0432 0x1780  amdsata - ok
09:01:57.0472 0x1780  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
09:01:57.0482 0x1780  amdsbs - ok
09:01:57.0502 0x1780  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:01:57.0502 0x1780  amdxata - ok
09:01:57.0562 0x1780  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID           C:\Windows\system32\drivers\appid.sys
09:01:57.0562 0x1780  AppID - ok
09:01:57.0592 0x1780  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:01:57.0592 0x1780  AppIDSvc - ok
09:01:57.0632 0x1780  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
09:01:57.0642 0x1780  Appinfo - ok
09:01:57.0712 0x1780  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:01:57.0712 0x1780  Apple Mobile Device - ok
09:01:57.0762 0x1780  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
09:01:57.0762 0x1780  arc - ok
09:01:57.0782 0x1780  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
09:01:57.0792 0x1780  arcsas - ok
09:01:57.0902 0x1780  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:01:57.0902 0x1780  aspnet_state - ok
09:01:57.0932 0x1780  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:01:57.0932 0x1780  AsyncMac - ok
09:01:57.0962 0x1780  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:01:57.0962 0x1780  atapi - ok
09:01:58.0022 0x1780  [ 636C40DAC5D13F4C354973017AA8ADC2, A32B0F39092765FCBC7D0135D8CD905C9FDB302B7A7474195108F8118833A842 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
09:01:58.0032 0x1780  AtiHDAudioService - ok
09:01:58.0082 0x1780  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:01:58.0102 0x1780  AudioEndpointBuilder - ok
09:01:58.0122 0x1780  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:01:58.0132 0x1780  Audiosrv - ok
09:01:58.0292 0x1780  [ B90962C56D37665500E3B2510844F57E, D3A97436CACA7FD2E6EF6B07536F26665C06F6251472FAB96E923039412E6E85 ] AVKProxy        C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
09:01:58.0332 0x1780  AVKProxy - ok
09:01:58.0482 0x1780  [ 56C6F2D7F1D515B4B534217443D3B67F, CB9E94EE515EE7C426B34EC40DFDEF27893C3379C011B2FF6EEF318A34BCF482 ] AVKService      C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
09:01:58.0502 0x1780  AVKService - ok
09:01:58.0622 0x1780  [ 460DF58F2B393689EA6B87288BA7DFC5, D0330FC768B98DB4E76132CB40044E600AFE83964E63845C2534254EA5B15DA2 ] AVKWCtl         C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
09:01:58.0672 0x1780  AVKWCtl - ok
09:01:58.0712 0x1780  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:01:58.0722 0x1780  AxInstSV - ok
09:01:58.0782 0x1780  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
09:01:58.0803 0x1780  b06bdrv - ok
09:01:58.0843 0x1780  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
09:01:58.0843 0x1780  b57nd60x - ok
09:01:58.0893 0x1780  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
09:01:58.0903 0x1780  BDESVC - ok
09:01:58.0933 0x1780  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:01:58.0943 0x1780  Beep - ok
09:01:59.0123 0x1780  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
09:01:59.0133 0x1780  BFE - ok
09:01:59.0163 0x1780  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
09:01:59.0183 0x1780  BITS - ok
09:01:59.0193 0x1780  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:01:59.0193 0x1780  blbdrive - ok
09:01:59.0233 0x1780  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:01:59.0233 0x1780  bowser - ok
09:01:59.0243 0x1780  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:01:59.0243 0x1780  BrFiltLo - ok
09:01:59.0263 0x1780  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:01:59.0263 0x1780  BrFiltUp - ok
09:01:59.0293 0x1780  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
09:01:59.0293 0x1780  Browser - ok
09:01:59.0313 0x1780  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:01:59.0323 0x1780  Brserid - ok
09:01:59.0333 0x1780  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:01:59.0333 0x1780  BrSerWdm - ok
09:01:59.0353 0x1780  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:01:59.0353 0x1780  BrUsbMdm - ok
09:01:59.0363 0x1780  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:01:59.0363 0x1780  BrUsbSer - ok
09:01:59.0393 0x1780  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:01:59.0393 0x1780  BTHMODEM - ok
09:01:59.0433 0x1780  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
09:01:59.0433 0x1780  bthserv - ok
09:01:59.0443 0x1780  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:01:59.0443 0x1780  cdfs - ok
09:01:59.0673 0x1780  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:01:59.0683 0x1780  cdrom - ok
09:01:59.0723 0x1780  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:01:59.0733 0x1780  CertPropSvc - ok
09:01:59.0753 0x1780  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:01:59.0753 0x1780  circlass - ok
09:01:59.0793 0x1780  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
09:01:59.0803 0x1780  CLFS - ok
09:01:59.0873 0x1780  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:01:59.0883 0x1780  clr_optimization_v2.0.50727_32 - ok
09:01:59.0953 0x1780  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:01:59.0983 0x1780  clr_optimization_v4.0.30319_32 - ok
09:02:00.0003 0x1780  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:02:00.0003 0x1780  CmBatt - ok
09:02:00.0033 0x1780  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:02:00.0033 0x1780  cmdide - ok
09:02:00.0153 0x1780  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\Windows\system32\Drivers\cng.sys
09:02:00.0163 0x1780  CNG - ok
09:02:00.0323 0x1780  [ 091A2D76A1FFFA523CD453CBABC4078D, 69B9383028D5690CD94022ED6E714D796B291DC21538B4D853B9D26AFA7D1378 ] ColorZillaStatsUpdater C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
09:02:00.0323 0x1780  ColorZillaStatsUpdater - ok
09:02:00.0343 0x1780  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:02:00.0353 0x1780  Compbatt - ok
09:02:00.0383 0x1780  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
09:02:00.0383 0x1780  CompositeBus - ok
09:02:00.0393 0x1780  COMSysApp - ok
09:02:00.0413 0x1780  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
09:02:00.0423 0x1780  crcdisk - ok
09:02:00.0473 0x1780  [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:02:00.0483 0x1780  CryptSvc - ok
09:02:00.0523 0x1780  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:02:00.0543 0x1780  DcomLaunch - ok
09:02:00.0573 0x1780  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
09:02:00.0583 0x1780  defragsvc - ok
09:02:00.0613 0x1780  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:02:00.0623 0x1780  DfsC - ok
09:02:00.0663 0x1780  [ B575C523F537F24D66D31F8877E6BCAB, E2EA9A4DA052D60E7C79A07DF16CD33D5ECB53CB3C6135EDDE8403B951032C38 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
09:02:00.0663 0x1780  dg_ssudbus - ok
09:02:00.0703 0x1780  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:02:00.0713 0x1780  Dhcp - ok
09:02:00.0763 0x1780  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
09:02:00.0763 0x1780  discache - ok
09:02:00.0803 0x1780  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
09:02:00.0813 0x1780  Disk - ok
09:02:00.0863 0x1780  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:02:00.0873 0x1780  Dnscache - ok
09:02:00.0923 0x1780  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:02:00.0933 0x1780  dot3svc - ok
09:02:00.0953 0x1780  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
09:02:00.0963 0x1780  DPS - ok
09:02:00.0983 0x1780  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:02:00.0983 0x1780  drmkaud - ok
09:02:01.0043 0x1780  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:02:01.0053 0x1780  DXGKrnl - ok
09:02:01.0073 0x1780  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
09:02:01.0073 0x1780  EapHost - ok
09:02:01.0223 0x1780  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
09:02:01.0283 0x1780  ebdrv - ok
09:02:01.0323 0x1780  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] EFS             C:\Windows\System32\lsass.exe
09:02:01.0323 0x1780  EFS - ok
09:02:01.0403 0x1780  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:02:01.0423 0x1780  ehRecvr - ok
09:02:01.0473 0x1780  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
09:02:01.0473 0x1780  ehSched - ok
09:02:01.0533 0x1780  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
09:02:01.0543 0x1780  elxstor - ok
09:02:01.0583 0x1780  [ 539CA34FBC74EC366A0D751028C32A08, 5A52964970564D363B9D676A182892B3CE61B3A1BAA67BEF59DFA29F15ED5815 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
09:02:01.0583 0x1780  epmntdrv - ok
09:02:01.0623 0x1780  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:02:01.0623 0x1780  ErrDev - ok
09:02:01.0663 0x1780  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013, FB06406AD9CCD946155C4E8CA769E0430589A4E4BBBDA2C90A67C84E0D2F8EE0 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
09:02:01.0673 0x1780  EuGdiDrv - ok
09:02:01.0723 0x1780  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
09:02:01.0743 0x1780  EventSystem - ok
09:02:01.0763 0x1780  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:02:01.0773 0x1780  exfat - ok
09:02:01.0833 0x1780  Fabs - ok
09:02:01.0863 0x1780  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:02:01.0873 0x1780  fastfat - ok
09:02:01.0943 0x1780  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
09:02:01.0963 0x1780  Fax - ok
09:02:01.0983 0x1780  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:02:01.0983 0x1780  fdc - ok
09:02:02.0003 0x1780  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
09:02:02.0003 0x1780  fdPHost - ok
09:02:02.0013 0x1780  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:02:02.0013 0x1780  FDResPub - ok
09:02:02.0043 0x1780  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:02:02.0043 0x1780  FileInfo - ok
09:02:02.0063 0x1780  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:02:02.0063 0x1780  Filetrace - ok
09:02:02.0183 0x1780  [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
09:02:02.0233 0x1780  FirebirdServerMAGIXInstance - ok
09:02:02.0263 0x1780  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:02:02.0263 0x1780  flpydisk - ok
09:02:02.0283 0x1780  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:02:02.0333 0x1780  FltMgr - ok
09:02:02.0433 0x1780  [ 6EC244F102C7F129678E5F7309D1366D, C30DA201AC623DA440B0A0716534557C578218C2A591FA8893CCCBD96B4518F9 ] FontCache       C:\Windows\system32\FntCache.dll
09:02:02.0463 0x1780  FontCache - ok
09:02:02.0503 0x1780  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:02:02.0513 0x1780  FontCache3.0.0.0 - ok
09:02:02.0523 0x1780  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:02:02.0523 0x1780  FsDepends - ok
09:02:02.0543 0x1780  [ 2ED0BABD4CD98ED820FD0D0BCBE96721, A5B955F77BBD299DEF0F25047EF5C6E63AD3D25E4E783D974AA8BB64878D97D7 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
09:02:02.0553 0x1780  fssfltr - ok
09:02:02.0663 0x1780  [ B6AB40819ECEC4BA07266EC0EBBC85A7, 71D385043720B622305FD64BD1187C6FFD7191C30794F95629CF6BFDC0A25BA2 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
09:02:02.0693 0x1780  fsssvc - ok
09:02:02.0763 0x1780  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:02:02.0763 0x1780  Fs_Rec - ok
09:02:02.0853 0x1780  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:02:02.0873 0x1780  fvevol - ok
09:02:02.0893 0x1780  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:02:02.0893 0x1780  gagp30kx - ok
09:02:02.0993 0x1780  [ ADBE0A582D839FBAF416F1F07FA53AD7, 559D95D3BCF71DDB50CC10A4EB9941B2CB95091C6E317B740E9DB3367A260573 ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
09:02:03.0003 0x1780  Garmin Core Update Service - ok
09:02:03.0033 0x1780  [ 6E755F8DA0790AA6924B8BE91CC99A4B, 7804DC14E6CC1775DB4A7833D0B8FC73C8AA1A2A81F65811FC26FC773FB50670 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
09:02:03.0033 0x1780  GDBehave - ok
09:02:03.0183 0x1780  [ FE489997ABB4335371188561E22E08C7, 8F7859E2228464664B410FCC9224C727784A2EC115D618BF0889BFFEC96D97C2 ] GDFwSvc         C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
09:02:03.0223 0x1780  GDFwSvc - ok
09:02:03.0263 0x1780  [ 0B644EB2DA939985D674B653FA446933, BE4517F73A6A20433403100F6B30EDDB194EB243772C8D4AB0C5FB732793FF74 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
09:02:03.0263 0x1780  GDMnIcpt - ok
09:02:03.0283 0x1780  [ B7D00C0B098A27937B249E50398D0A73, FD2EF6B9FB85E7A8FB92051C11EB7A3DCD334F9BEAE7F0F242972C06A94BD799 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
09:02:03.0283 0x1780  GDPkIcpt - ok
09:02:03.0333 0x1780  [ 846972E3EBB10D2F39A69B5E6CF08313, 7E2EC3BBF066C3C40F75F2533D1AB2307C3331FA460243A4F4B31A61714C159E ] GDScan          C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
09:02:03.0353 0x1780  GDScan - ok
09:02:03.0363 0x1780  [ 3B6E35FDA3AB07A081CA1D0BCB205F19, F0C92BC0152A427D11EA9B1389DA7CDE2BB1DBAE12EE8D9C781E7A215F511D61 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd32.sys
09:02:03.0363 0x1780  gdwfpcd - ok
09:02:03.0393 0x1780  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:02:03.0403 0x1780  GEARAspiWDM - ok
09:02:03.0453 0x1780  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:02:03.0473 0x1780  gpsvc - ok
09:02:03.0523 0x1780  [ 3CC33DAB9350C99538BB8CC2D675E1F2, 9ADB2B8CDC87E3CF6E707635EF6EB8EB4DBF14ADFE059E6C7FABCD771592066B ] GRD             C:\Windows\system32\drivers\GRD.sys
09:02:03.0533 0x1780  GRD - ok
09:02:03.0593 0x1780  [ 4C6044C33A89E9905C2039BD9CAC8DA8, 1055DD19FA75F3198E6E0990F7BD34CFE58B658FFB26307CB851D6B7C374FEF5 ] GtDetectSc      C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe
09:02:03.0613 0x1780  GtDetectSc - ok
09:02:03.0663 0x1780  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:02:03.0673 0x1780  hcw85cir - ok
09:02:03.0723 0x1780  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:02:03.0743 0x1780  HdAudAddService - ok
09:02:03.0783 0x1780  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:02:03.0793 0x1780  HDAudBus - ok
09:02:03.0803 0x1780  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:02:03.0803 0x1780  HidBatt - ok
09:02:10.0443 0x1780  RTHDMIAzAudService - ok
09:02:10.0493 0x1780  [ 7C7DDFF6173B158A85C29FC8B568B177, F698029359952C96D4A31780F2B63F151FB933746A91B2D1A61F0355053A8377 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
09:02:10.0513 0x1780  RTL8167 - ok
09:02:10.0543 0x1780  [ 031C4928ABA3E209CD6F96B7F4B085ED, 1D3E60B0603365831676E8B537E74453A22A2297FB3C8B6F01975E68B6DC0BCB ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
09:02:10.0563 0x1780  RTL8192su - ok
09:02:10.0603 0x1780  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] SamSs           C:\Windows\system32\lsass.exe
09:02:10.0613 0x1780  SamSs - ok
09:02:10.0653 0x1780  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:02:10.0663 0x1780  sbp2port - ok
09:02:10.0693 0x1780  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:02:10.0703 0x1780  SCardSvr - ok
09:02:10.0713 0x1780  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:02:10.0713 0x1780  scfilter - ok
09:02:10.0783 0x1780  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
09:02:10.0803 0x1780  Schedule - ok
09:02:10.0833 0x1780  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:02:10.0843 0x1780  SCPolicySvc - ok
09:02:10.0863 0x1780  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:02:10.0873 0x1780  SDRSVC - ok
09:02:10.0903 0x1780  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:02:10.0903 0x1780  secdrv - ok
09:02:10.0903 0x1780  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
09:02:10.0913 0x1780  seclogon - ok
09:02:10.0913 0x1780  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
09:02:10.0923 0x1780  SENS - ok
09:02:10.0933 0x1780  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:02:10.0933 0x1780  SensrSvc - ok
09:02:10.0943 0x1780  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:02:10.0943 0x1780  Serenum - ok
09:02:10.0963 0x1780  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:02:10.0963 0x1780  Serial - ok
09:02:10.0983 0x1780  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:02:10.0983 0x1780  sermouse - ok
09:02:11.0003 0x1780  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:02:11.0003 0x1780  SessionEnv - ok
09:02:11.0023 0x1780  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:02:11.0023 0x1780  sffdisk - ok
09:02:11.0033 0x1780  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:02:11.0033 0x1780  sffp_mmc - ok
09:02:11.0043 0x1780  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:02:11.0043 0x1780  sffp_sd - ok
09:02:11.0063 0x1780  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:02:11.0063 0x1780  sfloppy - ok
09:02:11.0113 0x1780  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:02:11.0133 0x1780  SharedAccess - ok
09:02:11.0183 0x1780  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:02:11.0193 0x1780  ShellHWDetection - ok
09:02:11.0213 0x1780  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
09:02:11.0213 0x1780  sisagp - ok
09:02:11.0233 0x1780  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:02:11.0243 0x1780  SiSRaid2 - ok
09:02:11.0283 0x1780  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:02:11.0283 0x1780  SiSRaid4 - ok
09:02:11.0353 0x1780  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:02:11.0363 0x1780  Smb - ok
09:02:11.0403 0x1780  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:02:11.0413 0x1780  SNMPTRAP - ok
09:02:11.0423 0x1780  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:02:11.0423 0x1780  spldr - ok
09:02:11.0463 0x1780  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
09:02:11.0483 0x1780  Spooler - ok
09:02:11.0613 0x1780  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
09:02:11.0673 0x1780  sppsvc - ok
09:02:11.0713 0x1780  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:02:11.0713 0x1780  sppuinotify - ok
09:02:11.0793 0x1780  [ F42EFEFB765235F24B24E1D2B6F99F46, 5D24504D044512F3CFB05DB3968C521153562458AB86A1EA6A21CEFFF03A37F5 ] sptd            C:\Windows\System32\Drivers\sptd.sys
09:02:11.0793 0x1780  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\sptd.sys. md5: F42EFEFB765235F24B24E1D2B6F99F46, sha256: 5D24504D044512F3CFB05DB3968C521153562458AB86A1EA6A21CEFFF03A37F5
09:02:11.0793 0x1780  sptd - detected LockedFile.Multi.Generic ( 1 )
09:02:21.0914 0x1780  sptd ( LockedFile.Multi.Generic ) - warning
09:02:21.0914 0x1780  Force sending object to P2P due to detect: sptd
09:02:26.0005 0x1780  Object send P2P result: false
09:02:30.0265 0x1780  ================ Scan global ===============================
09:02:30.0275 0x1780  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
09:02:30.0305 0x1780  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
09:02:30.0315 0x1780  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
09:02:30.0345 0x1780  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
09:02:30.0405 0x1780  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
09:02:30.0415 0x1780  [ Global ] - ok
09:02:30.0415 0x1780  ================ Scan MBR ==================================
09:02:30.0435 0x1780  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:02:30.0785 0x1780  \Device\Harddisk0\DR0 - ok
09:02:30.0785 0x1780  [ A4A15D6782E6FE1DCE41A606CB3AFFE3 ] \Device\Harddisk4\DR4
09:02:31.0065 0x1780  \Device\Harddisk4\DR4 - ok
09:02:31.0065 0x1780  ================ Scan VBR ==================================
09:02:31.0065 0x1780  [ 736BCE823272F01328C32FAD040874C1 ] \Device\Harddisk0\DR0\Partition1
09:02:31.0105 0x1780  \Device\Harddisk0\DR0\Partition1 - ok
09:02:31.0135 0x1780  [ 538667450BF50DA4DACDC36266E49CF2 ] \Device\Harddisk0\DR0\Partition2
09:02:31.0185 0x1780  \Device\Harddisk0\DR0\Partition2 - ok
09:02:31.0195 0x1780  [ 5166237B7612FE4A35E38B3B79D46285 ] \Device\Harddisk0\DR0\Partition3
09:02:31.0195 0x1780  \Device\Harddisk0\DR0\Partition3 - ok
09:02:31.0205 0x1780  [ 3C1764EF7AF8509E39B5F12EA9B8C36F ] \Device\Harddisk0\DR0\Partition4
09:02:31.0235 0x1780  \Device\Harddisk0\DR0\Partition4 - ok
09:02:31.0235 0x1780  [ 1CD3E966881B0F1808560D4DA018E980 ] \Device\Harddisk4\DR4\Partition1
09:02:31.0275 0x1780  \Device\Harddisk4\DR4\Partition1 - ok
09:02:31.0285 0x1780  ================ Scan generic autorun ======================
09:02:31.0385 0x1780  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
09:02:31.0435 0x1780  Sidebar - ok
09:02:31.0605 0x1780  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
09:02:31.0615 0x1780  mctadmin - ok
09:02:31.0685 0x1780  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
09:02:31.0705 0x1780  Sidebar - ok
09:02:31.0705 0x1780  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
09:02:31.0715 0x1780  mctadmin - ok
09:02:31.0785 0x1780  [ 29F2EB3936BD71EC68B87330E3286E2C, 7CEAFDF28F34ED91DA061DD1FC5AC2C9BC019FDA7B65D68B1EA47FAED21D3BE1 ] C:\Program Files\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
09:02:31.0835 0x1780  COMPUTER BILD Account-Alarm - ok
09:02:31.0855 0x1780  AV detected via SS2: G Data InternetSecurity CBE, C:\Program Files\G Data\InternetSecurity\AVK\avkwscpe.exe ( 25.0.0.0 ), 0x41000 ( enabled : updated )
09:02:31.0855 0x1780  FW detected via SS2: G Data Personal Firewall, C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe ( 22.0.0.1 ), 0x41010 ( enabled )
09:02:31.0855 0x1780  ============================================================
09:02:31.0855 0x1780  Scan finished
09:02:31.0855 0x1780  ============================================================
09:02:31.0865 0x1724  Detected object count: 1
09:02:31.0865 0x1724  Actual detected object count: 1
09:03:01.0199 0x1724  sptd ( LockedFile.Multi.Generic ) - skipped by user
09:03:01.0199 0x1724  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
10:21:30.0087 0x03f0  ============================================================
10:21:30.0087 0x03f0  Scan started
10:21:30.0087 0x03f0  Mode: Manual; 
10:21:30.0087 0x03f0  ============================================================
10:21:30.0087 0x03f0  KSN ping started
10:21:58.0620 0x03f0  KSN ping finished: false
10:22:00.0492 0x03f0  ================ Scan system memory ========================
10:22:00.0492 0x03f0  System memory - ok
         

Old 15.05.2015, 09:34   #7
OliverF
 
DHL PDF opened in spam email - Default

TDSS Part 2



Code:
ATTFilter
10:22:00.0492 0x03f0  ================ Scan services =============================
10:22:08.0167 0x03f0  HP DS Service - ok
10:22:08.0229 0x03f0  [ 3BF3B2F977115DD06475983790032BA7, 47C374EF12C01C7E2A881CD78C874B09F1563F96028289AFF7DB40E3C4BE9CFC ] HP LaserJet Service C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
10:22:08.0245 0x03f0  HP LaserJet Service - ok
10:22:08.0292 0x03f0  [ 6F98A555ACF3C1B68FCC1F50E0FD2091, 2A37C2B9BD4B38A6D832CE847B8B65B7AA1E8B38D3463A3502DD4C5E12E5D7EC ] HPFXBULKLEDM    C:\Windows\system32\drivers\hppcbulkio.sys
10:22:08.0292 0x03f0  HPFXBULKLEDM - ok
10:22:08.0307 0x03f0  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:22:08.0307 0x03f0  HpSAMD - ok
10:22:08.0385 0x03f0  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:22:08.0401 0x03f0  HTTP - ok
10:22:08.0401 0x03f0  huawei_enumerator - ok
10:22:08.0448 0x03f0  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:22:08.0448 0x03f0  hwpolicy - ok
10:22:08.0479 0x03f0  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:22:08.0495 0x03f0  i8042prt - ok
10:22:08.0541 0x03f0  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:22:08.0557 0x03f0  iaStorV - ok
10:22:08.0651 0x03f0  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:22:08.0666 0x03f0  idsvc - ok
10:22:08.0666 0x03f0  IEEtwCollectorService - ok
10:22:08.0697 0x03f0  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:22:08.0697 0x03f0  iirsp - ok
10:22:08.0760 0x03f0  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:22:08.0791 0x03f0  IKEEXT - ok
10:22:08.0931 0x03f0  [ 19B572DD46F038509846589DCB702B19, C887F184665F04AC3C02CB154D428E47917BBAD50295166C53BA03265092ABAB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:22:08.0978 0x03f0  IntcAzAudAddService - ok
10:22:09.0009 0x03f0  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:22:09.0009 0x03f0  intelide - ok
10:22:09.0025 0x03f0  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:22:09.0041 0x03f0  intelppm - ok
10:22:09.0072 0x03f0  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:22:09.0072 0x03f0  IPBusEnum - ok
10:22:09.0087 0x03f0  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:22:09.0103 0x03f0  IpFilterDriver - ok
10:22:09.0134 0x03f0  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:22:09.0150 0x03f0  iphlpsvc - ok
10:22:09.0165 0x03f0  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:22:09.0165 0x03f0  IPMIDRV - ok
10:22:09.0181 0x03f0  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:22:09.0197 0x03f0  IPNAT - ok
10:22:09.0243 0x03f0  [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:22:09.0259 0x03f0  iPod Service - ok
10:22:09.0259 0x03f0  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:22:09.0259 0x03f0  IRENUM - ok
10:22:09.0275 0x03f0  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:22:09.0290 0x03f0  isapnp - ok
10:22:09.0306 0x03f0  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:22:09.0321 0x03f0  iScsiPrt - ok
10:22:09.0337 0x03f0  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:22:09.0337 0x03f0  kbdclass - ok
10:22:09.0337 0x03f0  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:22:09.0353 0x03f0  kbdhid - ok
10:22:09.0368 0x03f0  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] KeyIso          C:\Windows\system32\lsass.exe
10:22:09.0368 0x03f0  KeyIso - ok
10:22:09.0368 0x03f0  KL1 - ok
10:22:09.0368 0x03f0  kl2 - ok
10:22:09.0384 0x03f0  KLIF - ok
10:22:09.0399 0x03f0  KLIM6 - ok
10:22:09.0399 0x03f0  klmouflt - ok

10:22:09.0431 0x03f0  [ A5B076011C853B4CAFD6296217A6E345, 3C852DC701231241881AB472A0CBBA9C1E25E92C52EF819C8AA2252833835344 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:22:09.0431 0x03f0  KSecDD - ok
10:22:09.0446 0x03f0  [ FD6A70D5D5B5BDF36AD265A232DAFB9A, C8CB4CE76A8CBD84CA1430D0E50651D3E3AEF4861FD17DEAFF2974183FAC585F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:22:09.0446 0x03f0  KSecPkg - ok
10:22:09.0493 0x03f0  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:22:09.0493 0x03f0  KtmRm - ok
10:22:09.0524 0x03f0  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:22:09.0524 0x03f0  LanmanServer - ok
10:22:09.0555 0x03f0  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:22:09.0555 0x03f0  LanmanWorkstation - ok
10:22:09.0571 0x03f0  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:22:09.0571 0x03f0  lltdio - ok
10:22:09.0602 0x03f0  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:22:09.0618 0x03f0  lltdsvc - ok
10:22:09.0633 0x03f0  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:22:09.0633 0x03f0  lmhosts - ok
10:22:09.0649 0x03f0  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:22:09.0649 0x03f0  LSI_FC - ok
10:22:09.0665 0x03f0  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:22:09.0665 0x03f0  LSI_SAS - ok
10:22:09.0680 0x03f0  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:22:09.0680 0x03f0  LSI_SAS2 - ok
10:22:09.0680 0x03f0  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:22:09.0680 0x03f0  LSI_SCSI - ok
10:22:09.0696 0x03f0  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:22:09.0711 0x03f0  luafv - ok
10:22:09.0711 0x03f0  massfilter - ok
10:22:09.0711 0x03f0  massfilter_hs - ok
10:22:09.0774 0x03f0  [ 3E6C47A46BDDE1B6B084012B5B69C069, 96F82FCEF67F48561EFC4DE4A126355233F96CE7D154CE7CF49D8F95CC6BE817 ] Maxtor Sync Service C:\Program Files\Maxtor\Sync\SyncServices.exe
10:22:09.0774 0x03f0  Maxtor Sync Service - ok
10:22:09.0805 0x03f0  [ 3C21F7E95FFCA33EF1A83AA33D9663CF, C843116969E1CDBA45AEF98B33BEDBA9200C62CDB52CD7056CE6768A1EF3A637 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:22:09.0805 0x03f0  MBAMProtector - ok
10:22:09.0930 0x03f0  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
10:22:09.0945 0x03f0  MBAMService - ok
10:22:09.0977 0x03f0  [ 167BCE00050B19DA25065335645A3C7A, 5CD3EA3E09B4ED318AB6151F56A17B0E4C8CE32DBB77342A39DEF53908F7D2F0 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
10:22:09.0977 0x03f0  MBAMWebAccessControl - ok
10:22:10.0023 0x03f0  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:22:10.0039 0x03f0  Mcx2Svc - ok
10:22:10.0086 0x03f0  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:22:10.0086 0x03f0  megasas - ok
10:22:10.0117 0x03f0  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:22:10.0133 0x03f0  MegaSR - ok
10:22:10.0179 0x03f0  [ 8D8870980702F4B7FE080C84B928B9CC, 6245FB283FDC1734BE1CDCCF5AC4A2097AF0F486AA9D3EAD37DD52F6A5551BD8 ] MirayVirtualDisk C:\Windows\system32\DRIVERS\mvdo.sys
10:22:10.0195 0x03f0  MirayVirtualDisk - ok
10:22:10.0211 0x03f0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
10:22:10.0211 0x03f0  MMCSS - ok
10:22:10.0226 0x03f0  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
10:22:10.0226 0x03f0  Modem - ok
10:22:10.0242 0x03f0  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:22:10.0242 0x03f0  monitor - ok
10:22:10.0273 0x03f0  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\drivers\mouclass.sys
10:22:10.0273 0x03f0  mouclass - ok
10:22:10.0273 0x03f0  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:22:10.0273 0x03f0  mouhid - ok
10:22:10.0320 0x03f0  [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:22:10.0320 0x03f0  mountmgr - ok
10:22:10.0367 0x03f0  [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:22:10.0382 0x03f0  MozillaMaintenance - ok
10:22:10.0413 0x03f0  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:22:10.0413 0x03f0  mpio - ok
10:22:10.0445 0x03f0  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:22:10.0460 0x03f0  mpsdrv - ok
10:22:10.0491 0x03f0  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:22:10.0507 0x03f0  MpsSvc - ok
10:22:10.0538 0x03f0  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:22:10.0538 0x03f0  MRxDAV - ok
10:22:10.0569 0x03f0  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:22:10.0569 0x03f0  mrxsmb - ok
10:22:10.0585 0x03f0  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:22:10.0601 0x03f0  mrxsmb10 - ok
10:22:10.0632 0x03f0  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:22:10.0632 0x03f0  mrxsmb20 - ok
10:22:10.0663 0x03f0  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:22:10.0663 0x03f0  msahci - ok
10:22:10.0679 0x03f0  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:22:10.0679 0x03f0  msdsm - ok
10:22:10.0694 0x03f0  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
10:22:10.0694 0x03f0  MSDTC - ok
10:22:10.0710 0x03f0  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:22:10.0725 0x03f0  Msfs - ok
10:22:10.0725 0x03f0  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:22:10.0725 0x03f0  mshidkmdf - ok
10:22:10.0741 0x03f0  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:22:10.0741 0x03f0  msisadrv - ok
10:22:10.0772 0x03f0  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:22:10.0788 0x03f0  MSiSCSI - ok
10:22:10.0788 0x03f0  msiserver - ok
10:22:10.0803 0x03f0  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:22:10.0803 0x03f0  MSKSSRV - ok
10:22:10.0819 0x03f0  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:22:10.0819 0x03f0  MSPCLOCK - ok
10:22:10.0835 0x03f0  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:22:10.0835 0x03f0  MSPQM - ok
10:22:10.0850 0x03f0  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:22:10.0866 0x03f0  MsRPC - ok
10:22:10.0866 0x03f0  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:22:10.0866 0x03f0  mssmbios - ok
10:22:10.0881 0x03f0  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:22:10.0881 0x03f0  MSTEE - ok
10:22:10.0897 0x03f0  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:22:10.0897 0x03f0  MTConfig - ok
10:22:10.0913 0x03f0  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:22:10.0913 0x03f0  Mup - ok
10:22:10.0928 0x03f0  [ 216AC775320F64DE28CFEB7C179C4FF9, 12A9E0056E4BA11C55490CED9739806D08040860C37AEFE1FA8D5EDF074A74FB ] MXOPSWD         C:\Windows\system32\DRIVERS\mxopswd.sys
10:22:10.0944 0x03f0  MXOPSWD - ok
10:22:10.0991 0x03f0  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
10:22:11.0006 0x03f0  napagent - ok
10:22:11.0022 0x03f0  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:22:11.0037 0x03f0  NativeWifiP - ok
10:22:11.0100 0x03f0  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:22:11.0115 0x03f0  NDIS - ok
10:22:11.0147 0x03f0  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:22:11.0147 0x03f0  NdisCap - ok
10:22:11.0162 0x03f0  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:22:11.0162 0x03f0  NdisTapi - ok
10:22:11.0193 0x03f0  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:22:11.0193 0x03f0  Ndisuio - ok
10:22:11.0225 0x03f0  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:22:11.0240 0x03f0  NdisWan - ok
10:22:11.0271 0x03f0  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:22:11.0271 0x03f0  NDProxy - ok
10:22:11.0318 0x03f0  [ CC53B47CEF1A81B04EA0AA503CEC2D35, E0EC2153454B9A0FE94DA1998B800F62E19FF85AF2AC3F169CF6863AC8818FD3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:22:11.0318 0x03f0  Net Driver HPZ12 - ok
10:22:11.0349 0x03f0  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:22:11.0349 0x03f0  NetBIOS - ok
10:22:11.0396 0x03f0  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:22:11.0412 0x03f0  NetBT - ok
10:22:11.0443 0x03f0  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] Netlogon        C:\Windows\system32\lsass.exe
10:22:11.0443 0x03f0  Netlogon - ok
10:22:11.0474 0x03f0  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
10:22:11.0474 0x03f0  Netman - ok
10:22:11.0505 0x03f0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:22:11.0505 0x03f0  NetMsmqActivator - ok
10:22:11.0521 0x03f0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:22:11.0521 0x03f0  NetPipeActivator - ok
10:22:11.0568 0x03f0  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
10:22:11.0583 0x03f0  netprofm - ok
10:22:11.0583 0x03f0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:22:11.0599 0x03f0  NetTcpActivator - ok
10:22:11.0599 0x03f0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:22:11.0599 0x03f0  NetTcpPortSharing - ok
10:22:11.0615 0x03f0  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:22:11.0615 0x03f0  nfrd960 - ok
10:22:11.0677 0x03f0  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:22:11.0693 0x03f0  NlaSvc - ok
10:22:11.0708 0x03f0  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:22:11.0708 0x03f0  Npfs - ok
10:22:11.0724 0x03f0  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
10:22:11.0724 0x03f0  nsi - ok
10:22:11.0739 0x03f0  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:22:11.0739 0x03f0  nsiproxy - ok
10:22:11.0833 0x03f0  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:22:11.0864 0x03f0  Ntfs - ok
10:22:11.0880 0x03f0  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
10:22:11.0880 0x03f0  Null - ok
10:22:11.0911 0x03f0  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:22:11.0927 0x03f0  nvraid - ok
10:22:11.0927 0x03f0  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:22:11.0942 0x03f0  nvstor - ok
10:22:11.0958 0x03f0  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:22:11.0958 0x03f0  nv_agp - ok
10:22:12.0083 0x03f0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:22:12.0098 0x03f0  odserv - ok
10:22:12.0114 0x03f0  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:22:12.0114 0x03f0  ohci1394 - ok
10:22:12.0145 0x03f0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:22:12.0145 0x03f0  ose - ok
10:22:12.0192 0x03f0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:22:12.0207 0x03f0  p2pimsvc - ok
10:22:12.0223 0x03f0  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:22:12.0239 0x03f0  p2psvc - ok
10:22:12.0254 0x03f0  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:22:12.0254 0x03f0  Parport - ok
10:22:12.0285 0x03f0  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:22:12.0285 0x03f0  partmgr - ok
10:22:12.0301 0x03f0  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
10:22:12.0301 0x03f0  Parvdm - ok
10:22:12.0348 0x03f0  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:22:12.0363 0x03f0  PcaSvc - ok
10:22:12.0395 0x03f0  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
10:22:12.0395 0x03f0  pci - ok
10:22:12.0410 0x03f0  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:22:12.0410 0x03f0  pciide - ok
10:22:12.0426 0x03f0  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:22:12.0441 0x03f0  pcmcia - ok
10:22:12.0457 0x03f0  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:22:12.0457 0x03f0  pcw - ok
10:22:12.0504 0x03f0  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:22:12.0519 0x03f0  PEAUTH - ok
10:22:12.0597 0x03f0  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
10:22:12.0629 0x03f0  pla - ok
10:22:12.0675 0x03f0  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:22:12.0675 0x03f0  PlugPlay - ok
10:22:12.0707 0x03f0  [ 0C1A70B460E706D986609496BCCD9660, AE493F214D913D31B4509D606A07A0295A05A158F264DAF99DDCEBBC27481404 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:22:12.0722 0x03f0  Pml Driver HPZ12 - ok
10:22:12.0738 0x03f0  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:22:12.0738 0x03f0  PNRPAutoReg - ok
10:22:12.0753 0x03f0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:22:12.0769 0x03f0  PNRPsvc - ok
10:22:12.0785 0x03f0  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:22:12.0800 0x03f0  PolicyAgent - ok
10:22:12.0831 0x03f0  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
10:22:12.0831 0x03f0  Power - ok
10:22:12.0863 0x03f0  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:22:12.0863 0x03f0  PptpMiniport - ok
10:22:12.0878 0x03f0  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:22:12.0878 0x03f0  Processor - ok
10:22:12.0909 0x03f0  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:22:12.0909 0x03f0  ProfSvc - ok
10:22:12.0941 0x03f0  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] ProtectedStorage C:\Windows\system32\lsass.exe
10:22:12.0941 0x03f0  ProtectedStorage - ok
10:22:12.0972 0x03f0  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:22:12.0972 0x03f0  Psched - ok
10:22:13.0034 0x03f0  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:22:13.0050 0x03f0  ql2300 - ok
10:22:13.0081 0x03f0  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:22:13.0081 0x03f0  ql40xx - ok
10:22:13.0112 0x03f0  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
10:22:13.0112 0x03f0  QWAVE - ok
10:22:13.0128 0x03f0  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:22:13.0128 0x03f0  QWAVEdrv - ok
10:22:13.0143 0x03f0  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:22:13.0143 0x03f0  RasAcd - ok
10:22:13.0159 0x03f0  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:22:13.0159 0x03f0  RasAgileVpn - ok
10:22:13.0175 0x03f0  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
10:22:13.0175 0x03f0  RasAuto - ok
10:22:13.0190 0x03f0  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:22:13.0190 0x03f0  Rasl2tp - ok
10:22:13.0221 0x03f0  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
10:22:13.0221 0x03f0  RasMan - ok
10:22:13.0237 0x03f0  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:22:13.0237 0x03f0  RasPppoe - ok
10:22:13.0253 0x03f0  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:22:13.0253 0x03f0  RasSstp - ok
10:22:13.0268 0x03f0  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:22:13.0268 0x03f0  rdbss - ok
10:22:13.0284 0x03f0  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:22:13.0284 0x03f0  rdpbus - ok
10:22:13.0315 0x03f0  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:22:13.0315 0x03f0  RDPCDD - ok
10:22:13.0331 0x03f0  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:22:13.0331 0x03f0  RDPENCDD - ok
10:22:13.0331 0x03f0  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:22:13.0331 0x03f0  RDPREFMP - ok
10:22:13.0409 0x03f0  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:22:13.0409 0x03f0  RdpVideoMiniport - ok
10:22:13.0455 0x03f0  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:22:13.0471 0x03f0  RDPWD - ok
10:22:13.0533 0x03f0  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:22:13.0549 0x03f0  rdyboost - ok
10:22:13.0627 0x03f0  RegFilter - ok
10:22:13.0689 0x03f0  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:22:13.0689 0x03f0  RemoteAccess - ok
10:22:13.0752 0x03f0  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:22:13.0767 0x03f0  RemoteRegistry - ok
10:22:13.0799 0x03f0  [ F17713D108ACA124A139FDE877EEF68A, AB254B8B4BDB10685280A8595CA69FEA2F1E68923E676C8CAF3F5468AE4C566E ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
10:22:13.0799 0x03f0  RimUsb - ok
10:22:13.0830 0x03f0  [ 564297827D213F52C7A3A2FF749568CA, B09A78D3B3F0BF47818BBEEDEF73BD6ACB9C5E367592BB90C85FD262BE521876 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
10:22:13.0830 0x03f0  ROOTMODEM - ok
10:22:13.0845 0x03f0  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:22:13.0861 0x03f0  RpcEptMapper - ok
10:22:13.0892 0x03f0  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
10:22:13.0908 0x03f0  RpcLocator - ok
10:22:13.0939 0x03f0  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
10:22:13.0955 0x03f0  RpcSs - ok
10:22:13.0970 0x03f0  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:22:13.0970 0x03f0  rspndr - ok
10:22:14.0001 0x03f0  [ 79C8488DFA2AA377441645123CB73845, CF7A31A36C5A32949BBC77EC2A5F9B67C46BB1808670D3CE69E9EDE5F0F339DD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
10:22:14.0001 0x03f0  RTHDMIAzAudService - ok
10:22:14.0111 0x03f0  [ 7C7DDFF6173B158A85C29FC8B568B177, F698029359952C96D4A31780F2B63F151FB933746A91B2D1A61F0355053A8377 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
10:22:14.0111 0x03f0  RTL8167 - ok
10:22:14.0142 0x03f0  [ 031C4928ABA3E209CD6F96B7F4B085ED, 1D3E60B0603365831676E8B537E74453A22A2297FB3C8B6F01975E68B6DC0BCB ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
10:22:14.0157 0x03f0  RTL8192su - ok
10:22:14.0173 0x03f0  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] SamSs           C:\Windows\system32\lsass.exe
10:22:14.0173 0x03f0  SamSs - ok
10:22:14.0220 0x03f0  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:22:14.0220 0x03f0  sbp2port - ok
10:22:14.0251 0x03f0  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:22:14.0251 0x03f0  SCardSvr - ok
10:22:14.0267 0x03f0  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:22:14.0267 0x03f0  scfilter - ok
10:22:14.0345 0x03f0  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
10:22:14.0376 0x03f0  Schedule - ok
10:22:14.0407 0x03f0  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:22:14.0407 0x03f0  SCPolicySvc - ok
10:22:14.0438 0x03f0  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:22:14.0438 0x03f0  SDRSVC - ok
10:22:14.0454 0x03f0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:22:14.0454 0x03f0  secdrv - ok
10:22:14.0469 0x03f0  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
10:22:14.0469 0x03f0  seclogon - ok
10:22:14.0485 0x03f0  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
10:22:14.0485 0x03f0  SENS - ok
10:22:14.0516 0x03f0  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:22:14.0516 0x03f0  SensrSvc - ok
10:22:14.0532 0x03f0  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:22:14.0532 0x03f0  Serenum - ok
10:22:14.0547 0x03f0  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:22:14.0563 0x03f0  Serial - ok
10:22:14.0563 0x03f0  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:22:14.0563 0x03f0  sermouse - ok
10:22:14.0610 0x03f0  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:22:14.0610 0x03f0  SessionEnv - ok
10:22:14.0641 0x03f0  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:22:14.0641 0x03f0  sffdisk - ok
10:22:14.0657 0x03f0  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:22:14.0657 0x03f0  sffp_mmc - ok
10:22:14.0672 0x03f0  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:22:14.0672 0x03f0  sffp_sd - ok
10:22:14.0688 0x03f0  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:22:14.0688 0x03f0  sfloppy - ok
10:22:14.0719 0x03f0  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:22:14.0735 0x03f0  SharedAccess - ok
10:22:14.0766 0x03f0  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:22:14.0766 0x03f0  ShellHWDetection - ok
10:22:14.0781 0x03f0  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:22:14.0781 0x03f0  sisagp - ok
10:22:14.0813 0x03f0  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:22:14.0813 0x03f0  SiSRaid2 - ok
10:22:14.0828 0x03f0  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:22:14.0828 0x03f0  SiSRaid4 - ok
10:22:14.0844 0x03f0  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:22:14.0844 0x03f0  Smb - ok
10:22:14.0875 0x03f0  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:22:14.0875 0x03f0  SNMPTRAP - ok
10:22:14.0875 0x03f0  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:22:14.0875 0x03f0  spldr - ok
10:22:14.0937 0x03f0  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
10:22:14.0953 0x03f0  Spooler - ok
10:22:15.0062 0x03f0  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
10:22:15.0125 0x03f0  sppsvc - ok
10:22:15.0156 0x03f0  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:22:15.0156 0x03f0  sppuinotify - ok
10:22:15.0203 0x03f0  [ F42EFEFB765235F24B24E1D2B6F99F46, 5D24504D044512F3CFB05DB3968C521153562458AB86A1EA6A21CEFFF03A37F5 ] sptd            C:\Windows\System32\Drivers\sptd.sys
10:22:15.0203 0x03f0  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\sptd.sys. md5: F42EFEFB765235F24B24E1D2B6F99F46, sha256: 5D24504D044512F3CFB05DB3968C521153562458AB86A1EA6A21CEFFF03A37F5
10:22:15.0203 0x03f0  sptd - detected LockedFile.Multi.Generic ( 1 )
10:22:15.0203 0x03f0  sptd ( LockedFile.Multi.Generic ) - warning
10:22:15.0203 0x03f0  Force sending object to P2P due to detect: sptd
10:22:15.0203 0x03f0  Object send P2P result: false
10:22:15.0234 0x03f0  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:22:15.0249 0x03f0  srv - ok
10:22:15.0265 0x03f0  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:22:15.0281 0x03f0  srv2 - ok
10:22:15.0312 0x03f0  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:22:15.0312 0x03f0  srvnet - ok
10:22:15.0327 0x03f0  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:22:15.0343 0x03f0  SSDPSRV - ok
10:22:15.0359 0x03f0  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:22:15.0359 0x03f0  SstpSvc - ok
10:22:15.0390 0x03f0  [ CA22092117F4F8BA3700B4BF9962444A, 2E82F06E700179FE2C743506FEFD0D45E1CECCD97C0E4C574159EB3A9B8D101F ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
10:22:15.0390 0x03f0  ssudmdm - ok
10:22:15.0405 0x03f0  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:22:15.0405 0x03f0  stexstor - ok
10:22:15.0452 0x03f0  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
10:22:15.0452 0x03f0  StiSvc - ok
10:22:15.0468 0x03f0  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:22:15.0468 0x03f0  swenum - ok
10:22:15.0483 0x03f0  [ 5230AAB3A00B0A1B89580D8ED85B5BFA, F7C84C296E08D80E2291D6D2EE4DCBFDEB17480CE5DDD235F92937227D471342 ] swivsp          C:\Windows\system32\DRIVERS\swivspnt.sys
10:22:15.0483 0x03f0  swivsp - ok
10:22:15.0515 0x03f0  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
10:22:15.0530 0x03f0  swprv - ok
10:22:15.0608 0x03f0  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
10:22:15.0624 0x03f0  SysMain - ok
10:22:15.0655 0x03f0  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
10:22:15.0655 0x03f0  TabletInputService - ok
10:22:15.0702 0x03f0  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:22:15.0702 0x03f0  TapiSrv - ok
10:22:15.0717 0x03f0  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
10:22:15.0717 0x03f0  TBS - ok
10:22:15.0780 0x03f0  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:22:15.0811 0x03f0  Tcpip - ok
10:22:15.0905 0x03f0  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:22:15.0936 0x03f0  TCPIP6 - ok
10:22:15.0983 0x03f0  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:22:15.0983 0x03f0  tcpipreg - ok
10:22:16.0014 0x03f0  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:22:16.0014 0x03f0  TDPIPE - ok
10:22:16.0029 0x03f0  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:22:16.0029 0x03f0  TDTCP - ok
10:22:16.0076 0x03f0  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:22:16.0076 0x03f0  tdx - ok
10:22:16.0123 0x03f0  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:22:16.0123 0x03f0  TermDD - ok
10:22:16.0201 0x03f0  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
10:22:16.0217 0x03f0  TermService - ok
10:22:16.0263 0x03f0  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
10:22:16.0263 0x03f0  Themes - ok
10:22:16.0279 0x03f0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
10:22:16.0295 0x03f0  THREADORDER - ok
10:22:16.0310 0x03f0  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
10:22:16.0310 0x03f0  TrkWks - ok
10:22:16.0388 0x03f0  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:22:16.0404 0x03f0  TrustedInstaller - ok
10:22:16.0451 0x03f0  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:22:16.0451 0x03f0  tssecsrv - ok
10:22:16.0482 0x03f0  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:22:16.0497 0x03f0  TsUsbFlt - ok
10:22:16.0529 0x03f0  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:22:16.0529 0x03f0  tunnel - ok
10:22:16.0560 0x03f0  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:22:16.0560 0x03f0  uagp35 - ok
10:22:16.0607 0x03f0  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:22:16.0607 0x03f0  udfs - ok
10:22:16.0653 0x03f0  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:22:16.0669 0x03f0  UI0Detect - ok
10:22:16.0700 0x03f0  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:22:16.0716 0x03f0  uliagpkx - ok
10:22:16.0747 0x03f0  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
10:22:16.0747 0x03f0  umbus - ok
10:22:16.0763 0x03f0  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:22:16.0763 0x03f0  UmPass - ok
10:22:16.0809 0x03f0  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
10:22:16.0825 0x03f0  upnphost - ok
10:22:16.0825 0x03f0  UrlFilter - ok
10:22:16.0856 0x03f0  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
10:22:16.0872 0x03f0  USBAAPL - ok
10:22:16.0903 0x03f0  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:22:16.0919 0x03f0  usbccgp - ok
10:22:16.0965 0x03f0  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:22:16.0965 0x03f0  usbcir - ok
10:22:16.0981 0x03f0  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:22:16.0997 0x03f0  usbehci - ok
10:22:17.0028 0x03f0  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:22:17.0043 0x03f0  usbhub - ok
10:22:17.0075 0x03f0  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
10:22:17.0075 0x03f0  usbohci - ok
10:22:17.0075 0x03f0  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:22:17.0075 0x03f0  usbprint - ok
10:22:17.0090 0x03f0  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:22:17.0090 0x03f0  usbscan - ok
10:22:17.0106 0x03f0  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:22:17.0106 0x03f0  USBSTOR - ok
10:22:17.0121 0x03f0  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:22:17.0121 0x03f0  usbuhci - ok
10:22:17.0168 0x03f0  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
10:22:17.0168 0x03f0  UxSms - ok
10:22:17.0184 0x03f0  [ 618BA9298726844DA4E9E53C7C8D4015, BCDA8D829E0D40DA8E30832D6A53A2B9882655E5B024E4171BA9732456549B3E ] VaultSvc        C:\Windows\system32\lsass.exe
10:22:17.0199 0x03f0  VaultSvc - ok
10:22:17.0215 0x03f0  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:22:17.0231 0x03f0  vdrvroot - ok
10:22:17.0262 0x03f0  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
10:22:17.0277 0x03f0  vds - ok
10:22:17.0293 0x03f0  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:22:17.0293 0x03f0  vga - ok
10:22:17.0324 0x03f0  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:22:17.0324 0x03f0  VgaSave - ok
10:22:17.0355 0x03f0  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:22:17.0355 0x03f0  vhdmp - ok
10:22:17.0371 0x03f0  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:22:17.0371 0x03f0  viaagp - ok
10:22:17.0387 0x03f0  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
10:22:17.0387 0x03f0  ViaC7 - ok
10:22:17.0418 0x03f0  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:22:17.0418 0x03f0  viaide - ok
10:22:17.0449 0x03f0  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:22:17.0449 0x03f0  volmgr - ok
10:22:17.0511 0x03f0  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:22:17.0527 0x03f0  volmgrx - ok
10:22:17.0558 0x03f0  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:22:17.0558 0x03f0  volsnap - ok
10:22:17.0589 0x03f0  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:22:17.0589 0x03f0  vsmraid - ok
10:22:17.0636 0x03f0  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
10:22:17.0667 0x03f0  VSS - ok
10:22:17.0683 0x03f0  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:22:17.0683 0x03f0  vwifibus - ok
10:22:17.0683 0x03f0  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:22:17.0683 0x03f0  vwififlt - ok
10:22:17.0699 0x03f0  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:22:17.0699 0x03f0  vwifimp - ok
10:22:17.0714 0x03f0  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
10:22:17.0714 0x03f0  W32Time - ok
10:22:17.0745 0x03f0  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:22:17.0745 0x03f0  WacomPen - ok
10:22:17.0777 0x03f0  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:22:17.0777 0x03f0  WANARP - ok
10:22:17.0777 0x03f0  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:22:17.0777 0x03f0  Wanarpv6 - ok
10:22:17.0823 0x03f0  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
10:22:17.0855 0x03f0  wbengine - ok
10:22:17.0901 0x03f0  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:22:17.0917 0x03f0  WbioSrvc - ok
10:22:17.0948 0x03f0  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:22:17.0964 0x03f0  wcncsvc - ok
10:22:17.0964 0x03f0  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:22:17.0979 0x03f0  WcsPlugInService - ok
10:22:18.0011 0x03f0  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:22:18.0011 0x03f0  Wd - ok
10:22:18.0057 0x03f0  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:22:18.0073 0x03f0  Wdf01000 - ok
10:22:18.0089 0x03f0  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:22:18.0089 0x03f0  WdiServiceHost - ok
10:22:18.0104 0x03f0  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:22:18.0104 0x03f0  WdiSystemHost - ok
10:22:18.0135 0x03f0  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
10:22:18.0135 0x03f0  WebClient - ok
10:22:18.0167 0x03f0  [ F56A25B240391620B6E31ACF656F2018, 38FEF5616E68FCAFF7B573611EEFEC1B330424BD39D88364E44C4C125FF7E235 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:22:18.0182 0x03f0  Wecsvc - ok
10:22:18.0198 0x03f0  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:22:18.0198 0x03f0  wercplsupport - ok
10:22:18.0213 0x03f0  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
10:22:18.0213 0x03f0  WerSvc - ok
10:22:18.0229 0x03f0  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:22:18.0229 0x03f0  WfpLwf - ok
10:22:18.0245 0x03f0  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:22:18.0245 0x03f0  WIMMount - ok
10:22:18.0338 0x03f0  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:22:18.0354 0x03f0  WinDefend - ok
10:22:18.0354 0x03f0  WinHttpAutoProxySvc - ok
10:22:20.0834 0x03f0  AV detected via SS2: G Data InternetSecurity CBE, C:\Program Files\G Data\InternetSecurity\AVK\avkwscpe.exe ( 25.0.0.0 ), 0x41000 ( enabled : updated )
10:22:20.0834 0x03f0  FW detected via SS2: G Data Personal Firewall, C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe ( 22.0.0.1 ), 0x41010 ( enabled )
10:22:20.0834 0x03f0  ============================================================
10:22:20.0834 0x03f0  Scan finished
10:22:20.0834 0x03f0  ============================================================
10:22:20.0850 0x10b8  Detected object count: 1
10:22:20.0850 0x10b8  Actual detected object count: 1
         

16.05.2015, 06:04   #8
schrauber
/// the machine
/// TB trainer



Hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

16.05.2015, 09:54   #9
OliverF



Code:
ATTFilter
ComboFix 15-05-13.01 - Oliver 16.05.2015  10:13:35.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3326.1911 [GMT 2:00]
ausgeführt von:: c:\users\Oliver\Desktop\ComboFix.exe
AV: G Data InternetSecurity CBE *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: G Data Personal Firewall *Disabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G Data InternetSecurity CBE *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\autorun.inf
.
---- Vorheriger Suchlauf -------
.
c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih_de.exe
c:\users\Oliver\x-mp4-to-dvd-converter.exe
H:\autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-16 bis 2015-05-16  ))))))))))))))))))))))))))))))
.
.
2015-05-16 08:21 . 2015-05-16 08:21	--------	d-----w-	c:\users\Oliver\AppData\Local\temp
2015-05-16 08:21 . 2015-05-16 08:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-14 15:44 . 2015-05-14 15:49	--------	d-----w-	C:\AdwCleaner
2015-05-14 08:48 . 2015-05-14 08:52	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-14 08:13 . 2015-05-15 08:18	--------	d-----w-	C:\FRST
2015-05-14 08:10 . 2015-05-14 08:10	--------	dc-h--w-	c:\programdata\{7AD360CC-1D61-4011-83BE-B257782BA5CB}
2015-05-14 08:10 . 2015-05-14 15:39	--------	d-----w-	c:\program files\WinSysClean X5
2015-05-13 22:18 . 2015-05-01 13:16	102608	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:15 . 2015-05-13 22:16	--------	d-----w-	c:\users\Oliver\AppData\Roaming\QuickScan
2015-05-13 22:12 . 2015-04-04 06:39	9201616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EBD16DE-D8B3-4EB4-80F5-BDCEDAD482FD}\mpengine.dll
2015-05-13 21:38 . 2015-04-13 03:19	259072	----a-w-	c:\windows\system32\services.exe
2015-05-13 21:33 . 2015-04-08 03:14	1223680	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2015-05-13 21:28 . 2015-05-13 21:28	15192	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2015-05-13 21:27 . 2015-05-13 21:27	29528	----a-w-	c:\windows\system32\drivers\GRD.sys
2015-05-13 21:25 . 2015-05-14 08:48	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-13 21:24 . 2015-05-14 08:47	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-13 21:24 . 2015-04-14 07:37	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-05-13 21:24 . 2015-04-14 07:37	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-17 16:47 . 2015-03-04 04:16	249784	----a-w-	c:\windows\system32\clfs.sys
2015-04-17 16:45 . 2015-02-25 03:03	514560	----a-w-	c:\windows\system32\drivers\http.sys
2015-04-17 16:45 . 2015-03-10 03:08	1237504	----a-w-	c:\windows\system32\msxml3.dll
2015-04-17 16:45 . 2015-03-10 03:05	2048	----a-w-	c:\windows\system32\msxml3r.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 02:32 . 2015-03-12 09:58	342696	----a-w-	c:\windows\system32\iedkcs32(713).dll
2015-02-24 02:23 . 2012-06-23 22:36	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-21 00:27 . 2015-03-12 09:58	418304	----a-w-	c:\windows\system32\dxtmsft(710).dll
2015-02-20 23:32 . 2015-03-12 09:58	76288	----a-w-	c:\windows\system32\mshtmled(718).dll
2015-02-20 04:13 . 2015-03-12 09:57	26624	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-12 09:57	70656	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-12 09:57	10240	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-12 09:57	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-12 09:57	299008	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 02:08 . 2015-03-12 09:58	47616	----a-w-	c:\windows\system32\ieetwproxystub(714).dll
2015-02-20 02:01 . 2015-03-12 09:58	47104	----a-w-	c:\windows\system32\jsproxy(717).dll
2015-02-20 01:56 . 2015-03-12 09:58	620032	----a-w-	c:\windows\system32\jscript9diag(716).dll
2015-02-20 01:50 . 2015-03-12 09:58	667648	----a-w-	c:\windows\system32\MsSpellCheckingFacility(719).exe
2015-02-20 01:41 . 2015-03-12 09:58	60416	----a-w-	c:\windows\system32\JavaScriptCollectionAgent(715).dll
2015-02-20 00:57 . 2015-03-12 09:58	1311232	----a-w-	c:\windows\system32\urlmon(720).dll
2015-02-15 14:10 . 2012-06-24 08:40	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-15 14:10 . 2012-06-24 08:40	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-16 12:30 . 2013-05-29 13:04	8334304	----a-w-	c:\program files\CopyTransManager.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-10-18 09:17	752960	----a-w-	c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
2014-06-11 13:20	464720	----a-w-	c:\program files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:05	710304	----a-w-	c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:05	710304	----a-w-	c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:05	710304	----a-w-	c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMPUTER BILD Account-Alarm"="c:\program files\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe" [2014-09-09 2059264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Biet-O-Matic.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk
backup=c:\windows\pss\Biet-O-Matic.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Luffi.lnk]
path=c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Luffi.lnk
backup=c:\windows\pss\Luffi.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_NT
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-03-06 22:22	1018056	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud]
2014-07-22 15:15	2694040	----a-w-	c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2014-02-27 19:38	558496	----a-w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 19:57	43848	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-12-13 09:36	1095000	----a-w-	c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 12:50	96056	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 02:54	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-04-23 11:48	1561968	----a-w-	c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-04-23 11:48	311152	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2007-09-06 12:53	169264	----a-w-	c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Protector]
2013-10-12 01:15	141824	----a-w-	c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTTask.exe]
2014-01-17 15:24	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-09-26 17:19	271744	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 ColorZillaStatsUpdater;ColorZillaStats Updater;c:\users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe [2012-06-18 18432]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-27 145920]
R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-04-14 1080120]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-16 14848]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-12-16 49664]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2014-11-30 44544]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2014-11-30 101504]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2014-11-30 53248]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2015-05-13 29528]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2014-11-30 50176]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-08-02 208896]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2014-02-12 2244728]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2013-12-19 914552]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2014-03-25 2159472]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-13 250712]
S2 GtDetectSc;GtDetectSc;c:\program files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [2009-05-04 545792]
S2 HP DS Service;HP DS Service;c:\program files\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-08-02 77824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2014-01-30 2409280]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2014-11-30 56832]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2014-02-03 700024]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 MirayVirtualDisk;MirayVirtualDisk;c:\windows\system32\DRIVERS\mvdo.sys [2014-05-12 189392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-08-02 716504]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2014-08-02 602216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 14:10]
.
2015-05-12 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files\Ashampoo\Ashampoo WinOptimizer 2014\WO2014.exe [2014-12-06 13:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = about:blank
uSearchAssistant = www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxps://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKU-Default-Run-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
SafeBoot-IMFservice
MSConfigStartUp-cltmng - (no file)
MSConfigStartUp-DataMgr - c:\users\Oliver\AppData\Roaming\DataMgr\datamgr.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe
MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
MSConfigStartUp-TU - c:\users\Oliver\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe
MSConfigStartUp-Yontoo Desktop - c:\users\Oliver\AppData\Roaming\Yontoo\YontooDesktop.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,fc,ba,85,f2,8d,37,45,b7,10,a4,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-16  10:23:05
ComboFix-quarantined-files.txt  2015-05-16 08:23
.
Vor Suchlauf: 25 Verzeichnis(se), 484.583.170.048 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 484.475.351.040 Bytes frei
.
- - End Of File - - D3E153054E3C4EAD24A3D37370428800
A36C5E4F47E84449FF07ED3517B43A31
         

17.05.2015, 07:17   #10
schrauber
/// the machine
/// TB trainer



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

17.05.2015, 14:20   #11
OliverF



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Error, 17.05.2015 11:01:50, SYSTEM, OLIVER-PC, Protection, IsLicensed, 13, 
Protection, 17.05.2015 11:01:50, SYSTEM, OLIVER-PC, Protection, Malware Protection, Stopping, 
Protection, 17.05.2015 11:01:50, SYSTEM, OLIVER-PC, Protection, Malware Protection, Stopped, 
Update, 17.05.2015 12:23:22, SYSTEM, OLIVER-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.5.16.1, 
Update, 17.05.2015 12:23:22, SYSTEM, OLIVER-PC, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1, 
Update, 17.05.2015 12:23:24, SYSTEM, OLIVER-PC, Manual, Malware Database, 2015.3.9.5, 2015.5.16.6, 
Scan, 17.05.2015 14:19:34, SYSTEM, OLIVER-PC, Manual, Start: 17.05.2015 12:23:25, Dauer: 12 Minuten 46 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "3" nicht-Malwareerkennung, 
Error, 17.05.2015 14:21:34, SYSTEM, OLIVER-PC, Protection, IsLicensed, 13, 
Protection, 17.05.2015 14:21:34, SYSTEM, OLIVER-PC, Protection, Malware Protection, Stopping, 
Protection, 17.05.2015 14:21:34, SYSTEM, OLIVER-PC, Protection, Malware Protection, Stopped, 

(end)
         
Code:
ATTFilter
# AdwCleaner v4.204 - Bericht erstellt 17/05/2015 um 14:30:37
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Oliver - OLIVER-PC
# Gestarted von : C:\Users\Oliver\Downloads\AdwCleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v37.0.2 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [14939 Bytes] - [14/05/2015 17:44:43]
AdwCleaner[R1].txt - [942 Bytes] - [17/05/2015 14:27:41]
AdwCleaner[R2].txt - [1058 Bytes] - [17/05/2015 14:29:32]
AdwCleaner[R3].txt - [1059 Bytes] - [17/05/2015 14:29:57]
AdwCleaner[S0].txt - [14331 Bytes] - [14/05/2015 17:49:24]
AdwCleaner[S1].txt - [981 Bytes] - [17/05/2015 14:30:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1039  Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.2 (05.15.2015:1)
OS: Windows 7 Home Premium x86
Ran by Oliver on 17.05.2015 at 14:38:13,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Beta SkipUAC (Oliver)
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster SkipUAC (Oliver)
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\Windows\System32\tasks\One-Click Optimizer
Successfully deleted: [Task] C:\Windows\tasks\One-Click Optimizer.job



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\myfree codec
Successfully deleted: [Folder] C:\Users\Oliver\documents\optimizer pro



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\qq5xyiez.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.05.2015 at 14:39:41,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by Oliver (administrator) on OLIVER-PC on 17-05-2015 15:18:30
Running from C:\Users\Oliver\Downloads
Loaded Profiles: Oliver (Available profiles: Oliver)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(J3S GmbH) C:\Program Files\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(OptionNV) C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(Seagate Technology LLC) C:\Program Files\Maxtor\Sync\SyncServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2059264 2014-09-09] (J3S GmbH)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-07-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-718057176-2926429940-2907879898-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-718057176-2926429940-2907879898-1001 -> {762EBE14-9072-4023-AA94-CEFD06BF3C89} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-30] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-30] (Oracle Corporation)
Toolbar: HKLM - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} -  No File
Toolbar: HKU\S-1-5-21-718057176-2926429940-2907879898-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-30] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\searchplugins\google-images.xml [2014-12-07]
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\searchplugins\google-maps.xml [2014-12-07]
FF Extension: No Name - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-07-01]
FF Extension: Movie2kDownloader - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: Bitdefender QuickScan - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-14]
FF Extension: No Name - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\Extensions\cliqz@cliqz.com.xpi [2014-12-07]
FF HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-03]

Chrome: 
=======
CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [cgfambohdeocadlemmdceabhlgccijal] - C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\CHROME\ColorZillaStats.crx [2012-06-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG)
R2 ColorZillaStatsUpdater; C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe [18432 2012-06-18] () [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 GtDetectSc; C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [545792 2009-05-04] (OptionNV) [File not signed]
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP) [File not signed]
R2 Maxtor Sync Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2014-11-30] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2014-11-30] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2014-11-30] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-11-30] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-05-13] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2014-11-30] (G Data Software AG)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-10-03] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvdo.sys [189392 2014-05-12] (Miray)
R3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2014-03-29] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2012-11-04] () [File not signed]
S3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [20352 2007-03-26] (Sierra Wireless Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Oliver\AppData\Local\Temp\catchme.sys [X]
U3 DfSdkS; No ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S0 KL1; system32\DRIVERS\kl1.sys [X]
S1 kl2; system32\DRIVERS\kl2.sys [X]
S1 KLIF; system32\DRIVERS\klif.sys [X]
S1 KLIM6; system32\DRIVERS\klim6.sys [X]
S3 klmouflt; system32\DRIVERS\klmouflt.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [X]
S3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 15:18 - 2015-05-17 15:18 - 00000000 ____D () C:\Users\Oliver\Downloads\FRST-OlderVersion
2015-05-17 14:39 - 2015-05-17 14:39 - 00001917 _____ () C:\Users\Oliver\Desktop\JRT.txt
2015-05-17 14:38 - 2015-05-17 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OLIVER-PC-Windows-7-Home-Premium-(32-bit).dat
2015-05-17 14:38 - 2015-05-17 14:38 - 00000000 ____D () C:\RegBackup
2015-05-17 14:36 - 2015-05-16 02:11 - 02719698 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT_NEW.exe
2015-05-17 14:27 - 2015-05-17 14:27 - 00001868 _____ () C:\Users\Oliver\Desktop\MBAM 170515.txt
2015-05-17 14:25 - 2015-05-17 14:25 - 00001103 _____ () C:\Users\Oliver\Desktop\MBAM.txt
2015-05-16 10:54 - 2015-05-16 10:54 - 00018489 _____ () C:\Users\Oliver\Desktop\Combofix.txt
2015-05-16 10:23 - 2015-05-16 10:23 - 00018489 _____ () C:\ComboFix.txt
2015-05-16 09:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-16 09:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-16 09:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-16 09:33 - 2015-05-16 09:05 - 05623645 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe
2015-05-16 09:27 - 2015-05-16 09:27 - 01574204 _____ () C:\Users\Oliver\Downloads\Charts for KPI Board.xlsx
2015-05-16 09:07 - 2015-05-16 10:23 - 00000000 ____D () C:\Qoobox
2015-05-16 09:06 - 2015-05-16 10:22 - 00000000 ____D () C:\Windows\erdnt
2015-05-16 09:05 - 2015-05-16 09:05 - 05623645 ____R (Swearware) C:\Users\Oliver\Downloads\ComboFix.exe
2015-05-16 08:15 - 2015-05-16 08:15 - 00151854 _____ () C:\Users\Oliver\Downloads\5S Walks Scorecard.xlsx
2015-05-16 08:15 - 2015-05-16 08:15 - 00034164 _____ () C:\Users\Oliver\Downloads\5S Punchlist.xlsx
2015-05-16 08:12 - 2015-05-16 08:12 - 01334865 _____ () C:\Users\Oliver\Downloads\WKW MBO Matrix Review 2015 Updated.xlsx
2015-05-16 07:48 - 2015-05-16 07:48 - 01389909 _____ () C:\Users\Oliver\Downloads\Rework daily Report by Vincent.xlsx
2015-05-16 07:48 - 2015-05-16 07:48 - 00604095 _____ () C:\Users\Oliver\Downloads\Scrap Management Tracker (3).xlsx
2015-05-16 07:39 - 2015-05-16 07:39 - 00080093 _____ () C:\Users\Oliver\Downloads\Summary 5-14(2).xlsx
2015-05-16 07:38 - 2015-05-16 07:38 - 00080093 _____ () C:\Users\Oliver\Downloads\Summary 5-14(1).xlsx
2015-05-16 07:37 - 2015-05-16 07:37 - 00080093 _____ () C:\Users\Oliver\Downloads\Summary 5-14.xlsx
2015-05-15 08:58 - 2015-05-15 08:58 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Oliver\Downloads\tdsskiller.exe
2015-05-14 17:53 - 2015-05-14 17:53 - 02721175 _____ (Thisisu) C:\Users\Oliver\Downloads\JRT.exe
2015-05-14 17:44 - 2015-05-17 14:30 - 00000000 ____D () C:\AdwCleaner
2015-05-14 17:43 - 2015-05-14 17:43 - 02209792 _____ () C:\Users\Oliver\Downloads\AdwCleaner_4.204.exe
2015-05-14 10:48 - 2015-05-14 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 10:47 - 2015-05-14 10:52 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar
2015-05-14 10:47 - 2015-05-14 10:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Oliver\Downloads\mbar-1.09.1.1004.exe
2015-05-14 10:41 - 2015-05-14 10:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oliver\Downloads\revosetup95.exe
2015-05-14 10:20 - 2015-05-17 15:18 - 00014309 _____ () C:\Users\Oliver\Downloads\FRST.txt
2015-05-14 10:17 - 2015-05-15 10:18 - 00028590 _____ () C:\Users\Oliver\Downloads\Addition.txt
2015-05-14 10:15 - 2015-05-15 10:18 - 00035870 _____ () C:\Users\Oliver\Downloads\FRST.txt.txt
2015-05-14 10:13 - 2015-05-17 15:18 - 00000000 ____D () C:\FRST
2015-05-14 10:13 - 2015-05-14 10:13 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-14 10:13 - 2015-05-14 10:13 - 00002029 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-14 10:10 - 2015-05-14 17:39 - 00000000 ____D () C:\Program Files\WinSysClean X5
2015-05-14 10:10 - 2015-05-14 10:10 - 00000946 _____ () C:\Users\Public\Desktop\WinSysClean X5.lnk
2015-05-14 10:10 - 2015-05-14 10:10 - 00000000 __HDC () C:\ProgramData\{7AD360CC-1D61-4011-83BE-B257782BA5CB}
2015-05-14 10:10 - 2015-05-14 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Systems
2015-05-14 00:29 - 2015-05-17 14:31 - 00201908 _____ () C:\Windows\PFRO.log
2015-05-14 00:18 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:15 - 2015-05-14 00:16 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\QuickScan
2015-05-14 00:12 - 2015-05-14 00:12 - 50811104 _____ (Microsoft Corporation) C:\Users\Oliver\Downloads\Windows-KB890830-V5.24.exe
2015-05-14 00:09 - 2015-05-14 00:09 - 01203488 _____ () C:\Users\Oliver\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-05-14 00:03 - 2015-05-14 00:03 - 00079470 _____ () C:\Maleware.txt
2015-05-13 23:43 - 2015-05-13 23:43 - 50629792 _____ (Adobe Systems Incorporated) C:\Users\Oliver\Downloads\AcroRdrDC1500720033_de_DE.exe
2015-05-13 23:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 23:39 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 23:39 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 23:39 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 23:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 23:39 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 23:39 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 23:39 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 23:39 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 23:39 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 23:39 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 23:39 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 23:39 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 23:38 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 23:38 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 23:38 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 23:38 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 23:38 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 23:38 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 23:38 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 23:38 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 23:38 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 23:38 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 23:38 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 23:38 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 23:38 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 23:38 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 23:38 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 23:38 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 23:38 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 23:38 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 23:38 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 23:38 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 23:38 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 23:38 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 23:38 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 23:38 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 23:38 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 23:38 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 23:38 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 23:38 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 23:38 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 23:38 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 23:38 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 23:38 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 23:38 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 23:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 23:33 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 23:33 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 23:28 - 2015-05-13 23:28 - 00015192 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-05-13 23:27 - 2015-05-13 23:27 - 00029528 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-05-13 23:25 - 2015-05-17 14:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 23:24 - 2015-05-14 10:47 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-13 23:24 - 2015-05-13 23:24 - 00387960 _____ () C:\Users\Oliver\Downloads\spybot-2.4_CB-DL-Manager.exe
2015-05-13 23:24 - 2015-05-13 23:24 - 00001080 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-13 23:24 - 2015-05-13 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-13 23:24 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-13 23:24 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-13 23:22 - 2015-05-13 23:23 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-08 06:55 - 2015-05-08 06:55 - 00144216 _____ () C:\Windows\Minidump\050815-34757-01.dmp
2015-05-07 17:23 - 2015-05-07 17:23 - 00000000 _____ () C:\Windows\Minidump\050715-37284-01.dmp
2015-05-03 12:14 - 2015-05-03 12:14 - 64660408 _____ (DVDVideoSoft Ltd. ) C:\Users\Oliver\Downloads\FreeStudio(1).exe
2015-05-03 12:08 - 2015-05-03 12:08 - 00001283 _____ () C:\Users\Oliver\Desktop\Free YouTube to MP3 Converter Installation fortsetzen.lnk
2015-05-03 11:53 - 2015-05-03 11:53 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-03 11:53 - 2015-05-03 11:53 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-17 18:47 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-17 18:47 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-17 18:47 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-17 18:47 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-17 18:47 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-17 18:47 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-17 18:47 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-17 18:47 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-17 18:47 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-17 18:47 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-17 18:47 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-17 18:47 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-17 18:47 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-17 18:47 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-17 18:47 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-17 18:47 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-17 18:45 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 18:45 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-17 18:45 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 15:18 - 2014-10-04 21:29 - 01146368 _____ (Farbar) C:\Users\Oliver\Downloads\FRST.exe
2015-05-17 14:51 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 14:51 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 14:48 - 2012-06-24 00:24 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 14:47 - 2015-03-01 11:36 - 01594261 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 14:43 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 14:42 - 2015-03-01 12:33 - 00003136 _____ () C:\Windows\setupact.log
2015-05-16 10:23 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-16 10:23 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-16 10:21 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-16 09:46 - 2012-06-24 00:20 - 00000000 ____D () C:\Users\Oliver
2015-05-16 09:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-05-16 07:50 - 2012-06-24 11:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 09:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-14 17:39 - 2013-05-25 18:42 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps
2015-05-14 11:16 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 10:45 - 2014-11-30 12:25 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Adobe
2015-05-14 10:45 - 2012-06-24 16:16 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Adobe
2015-05-14 10:41 - 2013-08-14 16:00 - 00001244 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk
2015-05-14 10:13 - 2012-11-25 22:15 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-14 10:13 - 2012-11-25 22:15 - 00000000 ____D () C:\Program Files\Adobe
2015-05-14 10:12 - 2012-06-24 08:01 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-14 00:32 - 2014-12-21 14:39 - 03917872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 00:30 - 2012-07-28 17:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 00:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-13 23:24 - 2014-11-30 11:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-13 22:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-05-13 22:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-05-13 22:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-13 09:02 - 2014-12-10 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-08 06:55 - 2015-03-27 10:51 - 270438553 _____ () C:\Windows\MEMORY.DMP
2015-05-08 06:55 - 2014-03-25 10:08 - 00000000 ____D () C:\Windows\Minidump
2015-05-04 15:59 - 2014-08-17 18:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-03 12:39 - 2012-10-28 19:49 - 00742912 ___SH () C:\Users\Oliver\Downloads\Thumbs.db
2015-05-03 12:16 - 2014-11-30 12:34 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\DVDVideoSoft
2015-05-03 12:16 - 2014-08-03 16:07 - 00001213 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-05-03 12:16 - 2014-08-03 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-05-03 12:16 - 2014-08-03 16:06 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-05-03 12:16 - 2013-06-30 12:35 - 00002316 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-05-03 12:15 - 2014-08-03 16:06 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-05-03 11:53 - 2015-02-15 14:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-03 11:37 - 2013-08-04 10:59 - 00000000 ____D () C:\Program Files\AntiBrowserSpy
2015-05-03 11:36 - 2015-02-15 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy
2015-05-03 11:36 - 2012-06-24 08:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Abelssoft
2015-05-03 11:36 - 2012-06-24 00:29 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Mozilla
2015-04-30 10:07 - 2012-06-24 08:23 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-17 19:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2013-05-29 15:04 - 2013-06-16 14:30 - 8334304 _____ (WindSolutions) C:\Program Files\CopyTransManager.exe
2012-01-05 18:39 - 2013-06-16 14:30 - 0012943 _____ () C:\Program Files\License Agreement.rtf
2014-11-30 13:12 - 2014-11-30 13:12 - 0000000 _____ () C:\Users\Oliver\AppData\Roaming\gdfw.log
2014-11-30 13:12 - 2014-11-30 13:12 - 0000779 _____ () C:\Users\Oliver\AppData\Roaming\gdscan.log
2012-09-30 21:24 - 2012-10-28 15:08 - 0010752 _____ () C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-08 09:40 - 2013-03-08 09:40 - 0000017 _____ () C:\Users\Oliver\AppData\Local\resmon.resmoncfg
2012-06-24 07:54 - 2012-06-24 07:54 - 0017408 _____ () C:\Users\Oliver\AppData\Local\WebpageIcons.db
2012-09-23 10:48 - 2012-09-23 10:48 - 0000045 _____ () C:\ProgramData\.SimImages
2014-03-29 11:01 - 2014-03-29 11:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Oliver\ashampoo_burning_studio_2013_11.0.6_12630.exe


Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\temp\Quarantine.exe
C:\Users\Oliver\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-16 08:56

==================== End Of Log ============================
         

Edited by OliverF (17.05.2015 at 13:40)

18.05.2015, 09:08   #12
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

19.05.2015, 19:49   #13
OliverF
 



Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6fae39a46a62344495a4980a5930ab87
# engine=23900
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-19 06:12:34
# local_time=2015-05-19 08:12:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 292639 183690345 0 0
# scanned=515543
# found=109
# cleaned=0
# scan_time=77350
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\Ashampoo_DE\ldrtbAsh0.dll.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\Ashampoo_DE\ldrtbAsha.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\Ashampoo_DE\tbAsh0.dll.vir"
sh=42C28E041EA5F8B06D4857E8E6FCA75ABD4BCF2F ft=1 fh=b55fe72874790c5f vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\Ashampoo_DE\tbAsh1.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\Ashampoo_DE\tbAsha.dll.vir"
sh=42772F07BC6904244A02C1C3D4936653067CD956 ft=1 fh=a28f72486ce580da vn="Variante von Win32/Adware.Snoozer.I Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe.vir"
sh=C789CA20FB9046F4F28BB58D8684C38F217DEAF5 ft=1 fh=c71c001100829487 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Free Videos To DVD\Helper.dll"
sh=EF4D2802FC4981213869E8FF1B9845F5D016563F ft=1 fh=559bad56e0a30c3a vn="Variante von Win32/KoyoteLab.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Free Videos To DVD\Uninstall.exe"
sh=ADF04CE43F39FCA757947B4609B8C16AF0A83983 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AppFlood.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\IObit\ManageMyMobile\MobileCare.apk"
sh=CEF8BAE91D4D3EC24FD95E5D614F12E61CD10245 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\user.js"
sh=88DBE5F113DF37C1780ED9B0D8FC144CA20600D8 ft=1 fh=ae439cb8cb701357 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\ashampoo_burning_studio_2012_cbe_11.0.4_sd.exe"
sh=9AAEEE36FF7D7BF9FFDF7FFA28C8AA51B82E1685 ft=1 fh=9ad6d679119793fd vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\ashampoo_burning_studio_6_free_6.81_4312+(1).exe"
sh=873C7BAB0437D0B3A06B30F43BFD035921C232E8 ft=1 fh=fd339984886f2551 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\ashampoo_photo_commander_9_9.4.3_11587.exe"
sh=F07B0D8D95C2C0FFAF182B35A52936684F165EFF ft=1 fh=45f9f39b7cff38f3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\ashampoo_winoptimizer_2012_8.1.4_11293.exe"
sh=A286C0831A97F92D5B02D4B93E86530036A8699D ft=1 fh=541a6d15877510a0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\ashampoo_winoptimizer_6_6.60_7259.exe"
sh=B0540109FE5A48A6D745A1D6C63E5B3114C1B330 ft=1 fh=543fa6740cf59aca vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\Cain Abel - CHIP-Installer.exe"
sh=5A57010EA3C1E61AE84AA45A2551DBBD9649D692 ft=1 fh=86b596c4c976ff4c vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\cbsidlm-cbsi5_4_0_104-Advanced_SystemCare-BP-10407614.exe"
sh=A3EE0D539F0781413EF0CE09FEF4700E8CA966E7 ft=1 fh=71669897b613790b vn="Variante von Win32/InstallCore.SW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\ccsetup501_CB-DL-Manager.exe"
sh=97190A7811348D960B0DAD97AF3BF0FE99ED26FE ft=1 fh=ea6109d47396bc06 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\Users\Oliver\Downloads\die_bestimmer.exe"
sh=3837DCC6FC0D2C7D2CD6765EE18175468E314815 ft=1 fh=404bf2cda126427a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\FreeYouTubeToMP3Converter31126.exe"
sh=EF476640E69604879C540915C4BCBA9CF9F6A332 ft=1 fh=f1da0bf17500491a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\FreeYouTubeToMP3Converter33.exe"
sh=7A7C3EB794BE718DCF4A0174205B63B62321A796 ft=1 fh=c71c00112927adeb vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe"
sh=C20CFE6E767EF500FB6040954A731C2ADB7F7963 ft=1 fh=0cda0195842264eb vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\Microsoft NET Framework 4 5 2 - CHIP-Installer.exe"
sh=C18FD5821B298270D28948BE01C61C5C7BD46AD8 ft=1 fh=e915d585e272ff86 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\SpyBot Search Destroy - CHIP-Installer.exe"
sh=3DC59426191858EFB608133920C27C21E0505FA1 ft=1 fh=2f24179b042dc93a vn="Variante von Win32/DownloadGuide.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\spybot-2.4_CB-DL-Manager.exe"
sh=968039F0A18559EBFD708FF9006E48552EC57416 ft=1 fh=65fff58717781a8d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\T Online Software - CHIP-Installer.exe"
sh=A4DA23AA2476A215E88671C71353BDF2917045BD ft=1 fh=17dc477ef32558a6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\VLC media player 32 Bit - CHIP-Installer.exe"
sh=16281647E4142852245C84C1D79F789EBD1DFE0B ft=1 fh=5865e39aac92b6c9 vn="Variante von Win32/WinloadSDA.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Downloads\Windows-Movie-Maker-2012-Setup.exe"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\ldrtbAsh0.dll"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\ldrtbAsh2.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\tbAsh0.dll"
sh=41CDE566540E31CF556FFC948255F45D4A94EAF8 ft=1 fh=3fb8233a96c1e513 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\tbAsh1.dll"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\tbAsh2.dll"
sh=61A8D16A5586134040C587C83F285C978EC432E3 ft=1 fh=550beeaa64c08289 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\tbsoft.dll"
sh=A47739F27C4BC8FD3A48B4A90B40679DF1218E1B ft=1 fh=ab4f3351c96b3042 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\Conduit\Community Alerts\Alert.dll"
sh=535083D61D58BC4975012BC060A7D06DC6012DDE ft=1 fh=0d7c9d1074a9eb70 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\ConduitEngine\ConduitEngine.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\DVDVideoSoftTB\ldrtbDVDV.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\DVDVideoSoftTB\tbDVDV.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\MyAshampoo\ldrtbMyA0.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\MyAshampoo\tbMyA0.dll"
sh=B4267CC9FBAA1133921BBF40835E07DAA481E025 ft=1 fh=39d86043333a1074 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\MyAshampoo\tbMyA1.dll"
sh=535083D61D58BC4975012BC060A7D06DC6012DDE ft=1 fh=0d7c9d1074a9eb70 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\MyAshampoo\tbMyAs.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\softonic-de3\ldrtbsof2.dll"
sh=B4267CC9FBAA1133921BBF40835E07DAA481E025 ft=1 fh=39d86043333a1074 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\softonic-de3\tbsof0.dll"
sh=DB1C8E852F46071B2163E77F88966B7951A2CE59 ft=1 fh=fcd24e9a58665dd2 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\softonic-de3\tbsof1.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\softonic-de3\tbsof2.dll"
sh=61A8D16A5586134040C587C83F285C978EC432E3 ft=1 fh=550beeaa64c08289 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\softonic-de3\tbsoft.dll"
sh=18A8B55C6CC3AA33FB809DF66BCCE9D5044ABDC8 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\ProgramData\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}\iLividSetupV1.res"
sh=18A8B55C6CC3AA33FB809DF66BCCE9D5044ABDC8 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\All Users\Anwendungsdaten\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}\iLividSetupV1.res"
sh=18A8B55C6CC3AA33FB809DF66BCCE9D5044ABDC8 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\All Users\Application Data\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}\iLividSetupV1.res"
sh=18A8B55C6CC3AA33FB809DF66BCCE9D5044ABDC8 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\All Users\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}\iLividSetupV1.res"
sh=61A8D16A5586134040C587C83F285C978EC432E3 ft=1 fh=550beeaa64c08289 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\AppData\Local\Temp\GLF52C5.tmp.tbsoft.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\AppData\LocalLow\MyAshampoo\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=26590FB2BCD90BDE7F3C89B7AE4B684B24F74CD2 ft=1 fh=f46f5e2b9517bece vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\Desktop\softonic-Deutsch.exe"
sh=5DB98979ADD38D336948BF2F7C3F0E6522D57653 ft=1 fh=1705691294487aa4 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\Documents\FreeYouTubeToMp3Converter36.exe"
sh=6263607BB180464D842C41133E5E924858DEE08A ft=1 fh=96e51c6b5d09d479 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\Downloads\agsetup183se.exe"
sh=EAC09F47D553E51104873715F0AFA0EEA7581A3D ft=1 fh=b629d4a88e042e05 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\Downloads\FreeAudioCDToMP3Converter.exe"
sh=360EC09373EE0D5AC1C3B9E8936C25210EBA18DD ft=1 fh=697d93dfd60539b8 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\Downloads\FreeYouTubeToiPodConverter.exe"
sh=EFE18936F2B5E8A0B5C12EC91AABE61340D0E21F ft=1 fh=5b72a786647d35c4 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\Downloads\FreeYouTubeToiPodConverter31014.exe"
sh=BEB2872C5EE9890C656B293C5EFBAD0220B4E538 ft=1 fh=3852d8d68dbe73c3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\Downloads\FreeYouTubeToMP3Converter.exe"
sh=5DB98979ADD38D336948BF2F7C3F0E6522D57653 ft=1 fh=1705691294487aa4 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\Eigene Dateien\FreeYouTubeToMp3Converter36.exe"
sh=61A8D16A5586134040C587C83F285C978EC432E3 ft=1 fh=550beeaa64c08289 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Oliver\Lokale Einstellungen\Temp\GLF52C5.tmp.tbsoft.dll"
sh=99B7227A5AA4CBE43507266FC2309D52398175A2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\Installer\37c964f.msi"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\System32\config\Oliver\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\MyAshampoo\ldrtbMyA0.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\MyAshampoo\tbMyA0.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\softonic-de3\ldrtbsof2.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\softonic-de3\tbsof2.dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\ashampoo_burning_studio_6_free_6.80_3639.exe"
sh=A286C0831A97F92D5B02D4B93E86530036A8699D ft=1 fh=541a6d15877510a0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\ashampoo_winoptimizer_6_6.60_7259.exe"
sh=5E75350DC93D7AA173A1621F10F8675B0DC33086 ft=1 fh=12b450aedb89d9a7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\FreeYouTubeToMp3Converter(2).exe"
sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Alter PC\Programme\ashampoo_burning_studio_6_free_6.80_3639.exe"
sh=A286C0831A97F92D5B02D4B93E86530036A8699D ft=1 fh=541a6d15877510a0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Alter PC\Programme\ashampoo_winoptimizer_6_6.60_7259.exe"
sh=5E75350DC93D7AA173A1621F10F8675B0DC33086 ft=1 fh=12b450aedb89d9a7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Alter PC\Programme\FreeYouTubeToMp3Converter(2).exe"
sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Maxtor backup\OLIVER-PC\E\Programme\ashampoo_burning_studio_6_free_6.80_3639.exe"
sh=A286C0831A97F92D5B02D4B93E86530036A8699D ft=1 fh=541a6d15877510a0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Maxtor backup\OLIVER-PC\E\Programme\ashampoo_winoptimizer_6_6.60_7259.exe"
sh=5E75350DC93D7AA173A1621F10F8675B0DC33086 ft=1 fh=12b450aedb89d9a7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Maxtor backup\OLIVER-PC\E\Programme\FreeYouTubeToMp3Converter(2).exe"
sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Maxtor backup\OLIVER-PC\I\Programme\ashampoo_burning_studio_6_free_6.80_3639.exe"
sh=A286C0831A97F92D5B02D4B93E86530036A8699D ft=1 fh=541a6d15877510a0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Maxtor backup\OLIVER-PC\I\Programme\ashampoo_winoptimizer_6_6.60_7259.exe"
sh=5E75350DC93D7AA173A1621F10F8675B0DC33086 ft=1 fh=12b450aedb89d9a7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Maxtor backup\OLIVER-PC\I\Programme\FreeYouTubeToMp3Converter(2).exe"
sh=F219226D194A0013DED6199DF18E90D6C19FA5D5 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2010-07-24 094900\Backup Files 2010-07-25 201733\Backup files 1.zip"
sh=DCA88337F1D3A263B781122544F19C279CF8DF36 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2010-07-24 094900\Backup Files 2010-08-01 190000\Backup files 1.zip"
sh=A0FA27964A139BACEDFA2062C8BF4AECFA7E6594 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2010-07-24 094900\Backup Files 2010-08-21 212327\Backup files 1.zip"
sh=E7A7BA4027F97C58E9433BF3AE94CADF7C213B7C ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2010-08-22 190000\Backup Files 2010-08-22 190000\Backup files 1.zip"
sh=428745934B6E1D21CCFC2B885709FDD5778381B3 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2010-08-22 190000\Backup Files 2010-09-20 082458\Backup files 1.zip"
sh=88927F22C0141BEBF9CA424E4F3EB7D0626154BB ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2010-09-26 202645\Backup Files 2010-09-26 202645\Backup files 1.zip"
sh=3D5F960B5F9C82FC71789A3666008FDAB1C8E50B ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2010-11-01 082728\Backup Files 2010-11-01 082728\Backup files 1.zip"
sh=3CAC3696BA622632DAB8839012B642B02374F244 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2010-12-06 195443\Backup Files 2010-12-06 195443\Backup files 1.zip"
sh=8E2B1CABD54112E2977C264C8DFC4D0D40048522 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-01-09 190000\Backup Files 2011-01-09 190000\Backup files 1.zip"
sh=C5A301A2924700701DF8CEFABFAFAD5281D0C4F5 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-02-06 190000\Backup Files 2011-02-06 190000\Backup files 1.zip"
sh=76D434651A1206994C29D573F7521232C0945BA2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-02-13 201758\Backup Files 2011-02-13 201758\Backup files 1.zip"
sh=19FD6FD424DB6315D50C9058A36E1B2D2B68405D ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-03-13 190000\Backup Files 2011-03-13 190000\Backup files 1.zip"
sh=28CE78C678BD37DCE8BCF9AF771FC62A685947AC ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-04-17 190000\Backup Files 2011-04-17 190000\Backup files 1.zip"
sh=7E567E38174B8FE31BD78CEF60AA924B9F2976D1 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE Trojaner" ac=I fn="H:\OLIVER-PC\Backup Set 2011-04-17 190000\Backup Files 2011-05-01 190000\Backup files 4.zip"
sh=D1C92EA8E8001AC8674F39899D582769028FD644 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-04-17 190000\Backup Files 2011-05-01 190000\Backup files 5.zip"
sh=3097DEF4C0CAEE79B60CDE1E0F7DBC1C47999679 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-05-08 205057\Backup Files 2011-05-08 205057\Backup files 1.zip"
sh=337AA5D13DB3A235D03C544E99A008E3056AA8C0 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-05-08 205057\Backup Files 2011-05-08 205057\Backup files 2.zip"
sh=18C7A37DFD6B96E38221A269D934F4FBDED361DD ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-06-27 144808\Backup Files 2011-06-27 144808\Backup files 1.zip"
sh=AA2A311E628925E698BA434F6BCF45611CF46A06 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-06-27 144808\Backup Files 2011-06-27 144808\Backup files 2.zip"
sh=A24444AE121CD0D7F41C71EEEF68DF1B5F64E9D0 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE Trojaner" ac=I fn="H:\OLIVER-PC\Backup Set 2011-06-27 144808\Backup Files 2011-07-31 190001\Backup files 2.zip"
sh=6D2031630D2BB83EA6556EFDA9B4B6480B2C951C ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="H:\OLIVER-PC\Backup Set 2011-06-27 144808\Backup Files 2011-07-31 190001\Backup files 3.zip"
         
Code:
 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G Data InternetSecurity CBE   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 AntiBrowserSpy     
 Java 7 Update 71  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	16.0.0.305 Flash Player out of Date!  
 Mozilla Firefox (37.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 G Data InternetSecurity Firewall GDFwSvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-05-2015
Ran by Oliver (administrator) on OLIVER-PC on 19-05-2015 20:47:22
Running from C:\Users\Oliver\Downloads
Loaded Profiles: Oliver (Available profiles: Oliver)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
() C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(J3S GmbH) C:\Program Files\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(OptionNV) C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(Seagate Technology LLC) C:\Program Files\Maxtor\Sync\SyncServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Users\Oliver\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2059264 2014-09-09] (J3S GmbH)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-07-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-718057176-2926429940-2907879898-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-718057176-2926429940-2907879898-1001 -> {762EBE14-9072-4023-AA94-CEFD06BF3C89} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-30] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-30] (Oracle Corporation)
Toolbar: HKLM - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} -  No File
Toolbar: HKU\S-1-5-21-718057176-2926429940-2907879898-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-30] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\searchplugins\google-images.xml [2014-12-07]
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\searchplugins\google-maps.xml [2014-12-07]
FF Extension: No Name - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-07-01]
FF Extension: Movie2kDownloader - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: Bitdefender QuickScan - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-14]
FF Extension: No Name - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\qq5xyiez.default\Extensions\cliqz@cliqz.com.xpi [2014-12-07]
FF HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-03]

Chrome: 
=======
CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [cgfambohdeocadlemmdceabhlgccijal] - C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\CHROME\ColorZillaStats.crx [2012-06-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG)
R2 ColorZillaStatsUpdater; C:\Users\Oliver\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe [18432 2012-06-18] () [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 GtDetectSc; C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [545792 2009-05-04] (OptionNV) [File not signed]
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP) [File not signed]
R2 Maxtor Sync Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2014-11-30] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2014-11-30] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2014-11-30] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-11-30] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-05-13] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2014-11-30] (G Data Software AG)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-10-03] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvdo.sys [189392 2014-05-12] (Miray)
R3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2014-03-29] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2012-11-04] () [File not signed]
S3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [20352 2007-03-26] (Sierra Wireless Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Oliver\AppData\Local\Temp\catchme.sys [X]
U3 DfSdkS; No ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S0 KL1; system32\DRIVERS\kl1.sys [X]
S1 kl2; system32\DRIVERS\kl2.sys [X]
S1 KLIF; system32\DRIVERS\klif.sys [X]
S1 KLIM6; system32\DRIVERS\klim6.sys [X]
S3 klmouflt; system32\DRIVERS\klmouflt.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [X]
S3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 20:18 - 2015-05-19 20:18 - 00852630 _____ () C:\Users\Oliver\Downloads\SecurityCheck.exe
2015-05-18 22:41 - 2015-05-19 20:18 - 00000000 ____D () C:\Program Files\ESET
2015-05-18 22:40 - 2015-05-18 22:40 - 02347384 _____ (ESET) C:\Users\Oliver\Downloads\esetsmartinstaller_deu.exe
2015-05-17 15:23 - 2015-05-18 22:37 - 00001075 _____ () C:\Windows\setupact.log
2015-05-17 15:23 - 2015-05-17 15:23 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-17 15:18 - 2015-05-19 20:47 - 00000000 ____D () C:\Users\Oliver\Downloads\FRST-OlderVersion
2015-05-17 14:39 - 2015-05-17 14:39 - 00001917 _____ () C:\Users\Oliver\Desktop\JRT.txt
2015-05-17 14:38 - 2015-05-17 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OLIVER-PC-Windows-7-Home-Premium-(32-bit).dat
2015-05-17 14:38 - 2015-05-17 14:38 - 00000000 ____D () C:\RegBackup
2015-05-17 14:36 - 2015-05-16 02:11 - 02719698 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT_NEW.exe
2015-05-17 14:27 - 2015-05-17 14:27 - 00001868 _____ () C:\Users\Oliver\Desktop\MBAM 170515.txt
2015-05-17 14:25 - 2015-05-17 14:25 - 00001103 _____ () C:\Users\Oliver\Desktop\MBAM.txt
2015-05-16 10:54 - 2015-05-16 10:54 - 00018489 _____ () C:\Users\Oliver\Desktop\Combofix.txt
2015-05-16 10:23 - 2015-05-16 10:23 - 00018489 _____ () C:\ComboFix.txt
2015-05-16 09:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-16 09:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-16 09:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-16 09:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-16 09:33 - 2015-05-16 09:05 - 05623645 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe
2015-05-16 09:27 - 2015-05-16 09:27 - 01574204 _____ () C:\Users\Oliver\Downloads\Charts for KPI Board.xlsx
2015-05-16 09:07 - 2015-05-16 10:23 - 00000000 ____D () C:\Qoobox
2015-05-16 09:06 - 2015-05-16 10:22 - 00000000 ____D () C:\Windows\erdnt
2015-05-16 09:05 - 2015-05-16 09:05 - 05623645 ____R (Swearware) C:\Users\Oliver\Downloads\ComboFix.exe
2015-05-16 08:15 - 2015-05-16 08:15 - 00151854 _____ () C:\Users\Oliver\Downloads\5S Walks Scorecard.xlsx
2015-05-16 08:15 - 2015-05-16 08:15 - 00034164 _____ () C:\Users\Oliver\Downloads\5S Punchlist.xlsx
2015-05-16 08:12 - 2015-05-16 08:12 - 01334865 _____ () C:\Users\Oliver\Downloads\WKW MBO Matrix Review 2015 Updated.xlsx
2015-05-16 07:48 - 2015-05-16 07:48 - 01389909 _____ () C:\Users\Oliver\Downloads\Rework daily Report by Vincent.xlsx
2015-05-16 07:48 - 2015-05-16 07:48 - 00604095 _____ () C:\Users\Oliver\Downloads\Scrap Management Tracker (3).xlsx
2015-05-16 07:39 - 2015-05-16 07:39 - 00080093 _____ () C:\Users\Oliver\Downloads\Summary 5-14(2).xlsx
2015-05-16 07:38 - 2015-05-16 07:38 - 00080093 _____ () C:\Users\Oliver\Downloads\Summary 5-14(1).xlsx
2015-05-16 07:37 - 2015-05-16 07:37 - 00080093 _____ () C:\Users\Oliver\Downloads\Summary 5-14.xlsx
2015-05-15 08:58 - 2015-05-15 08:58 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Oliver\Downloads\tdsskiller.exe
2015-05-14 17:53 - 2015-05-14 17:53 - 02721175 _____ (Thisisu) C:\Users\Oliver\Downloads\JRT.exe
2015-05-14 17:44 - 2015-05-17 14:30 - 00000000 ____D () C:\AdwCleaner
2015-05-14 17:43 - 2015-05-14 17:43 - 02209792 _____ () C:\Users\Oliver\Downloads\AdwCleaner_4.204.exe
2015-05-14 10:48 - 2015-05-14 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 10:47 - 2015-05-14 10:52 - 00000000 ____D () C:\Users\Oliver\Desktop\mbar
2015-05-14 10:47 - 2015-05-14 10:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Oliver\Downloads\mbar-1.09.1.1004.exe
2015-05-14 10:41 - 2015-05-14 10:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oliver\Downloads\revosetup95.exe
2015-05-14 10:20 - 2015-05-19 20:47 - 00014666 _____ () C:\Users\Oliver\Downloads\FRST.txt
2015-05-14 10:17 - 2015-05-17 15:19 - 00025385 _____ () C:\Users\Oliver\Downloads\Addition.txt
2015-05-14 10:15 - 2015-05-15 10:18 - 00035870 _____ () C:\Users\Oliver\Downloads\FRST.txt.txt
2015-05-14 10:13 - 2015-05-19 20:47 - 00000000 ____D () C:\FRST
2015-05-14 10:13 - 2015-05-14 10:13 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-14 10:13 - 2015-05-14 10:13 - 00002029 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-14 10:10 - 2015-05-14 17:39 - 00000000 ____D () C:\Program Files\WinSysClean X5
2015-05-14 10:10 - 2015-05-14 10:10 - 00000946 _____ () C:\Users\Public\Desktop\WinSysClean X5.lnk
2015-05-14 10:10 - 2015-05-14 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Systems
2015-05-14 00:18 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:15 - 2015-05-14 00:16 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\QuickScan
2015-05-14 00:12 - 2015-05-14 00:12 - 50811104 _____ (Microsoft Corporation) C:\Users\Oliver\Downloads\Windows-KB890830-V5.24.exe
2015-05-14 00:09 - 2015-05-14 00:09 - 01203488 _____ () C:\Users\Oliver\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-05-14 00:03 - 2015-05-14 00:03 - 00079470 _____ () C:\Maleware.txt
2015-05-13 23:43 - 2015-05-13 23:43 - 50629792 _____ (Adobe Systems Incorporated) C:\Users\Oliver\Downloads\AcroRdrDC1500720033_de_DE.exe
2015-05-13 23:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 23:39 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 23:39 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 23:39 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 23:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 23:39 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 23:39 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 23:39 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 23:39 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 23:39 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 23:39 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 23:39 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 23:39 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 23:39 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 23:38 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 23:38 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 23:38 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 23:38 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 23:38 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 23:38 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 23:38 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 23:38 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 23:38 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 23:38 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 23:38 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 23:38 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 23:38 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 23:38 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 23:38 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 23:38 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 23:38 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 23:38 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 23:38 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 23:38 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 23:38 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 23:38 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 23:38 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 23:38 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 23:38 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 23:38 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 23:38 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 23:38 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 23:38 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 23:38 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 23:38 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 23:38 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 23:38 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 23:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 23:33 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 23:33 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 23:28 - 2015-05-13 23:28 - 00015192 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-05-13 23:27 - 2015-05-13 23:27 - 00029528 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-05-13 23:25 - 2015-05-17 14:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 23:24 - 2015-05-14 10:47 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-13 23:24 - 2015-05-13 23:24 - 00387960 _____ () C:\Users\Oliver\Downloads\spybot-2.4_CB-DL-Manager.exe
2015-05-13 23:24 - 2015-05-13 23:24 - 00001080 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-13 23:24 - 2015-05-13 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-13 23:24 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-13 23:24 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-13 23:22 - 2015-05-13 23:23 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-03 12:14 - 2015-05-03 12:14 - 64660408 _____ (DVDVideoSoft Ltd. ) C:\Users\Oliver\Downloads\FreeStudio(1).exe
2015-05-03 12:08 - 2015-05-03 12:08 - 00001283 _____ () C:\Users\Oliver\Desktop\Free YouTube to MP3 Converter Installation fortsetzen.lnk
2015-05-03 11:53 - 2015-05-03 11:53 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-03 11:53 - 2015-05-03 11:53 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 20:47 - 2014-10-04 21:29 - 01146880 _____ (Farbar) C:\Users\Oliver\Downloads\FRST.exe
2015-05-19 18:37 - 2015-03-01 11:36 - 01660342 _____ () C:\Windows\WindowsUpdate.log
2015-05-19 17:44 - 2012-06-24 00:24 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 17:41 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-19 17:41 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-18 22:37 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-18 20:57 - 2012-06-24 11:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 15:22 - 2014-03-25 10:08 - 00000000 ____D () C:\Windows\Minidump
2015-05-16 10:23 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-16 10:23 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-16 10:21 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-16 09:46 - 2012-06-24 00:20 - 00000000 ____D () C:\Users\Oliver
2015-05-16 09:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-05-15 09:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-14 17:39 - 2013-05-25 18:42 - 00000000 ____D () C:\Users\Oliver\AppData\Local\CrashDumps
2015-05-14 11:16 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 10:45 - 2014-11-30 12:25 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Adobe
2015-05-14 10:45 - 2012-06-24 16:16 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Adobe
2015-05-14 10:41 - 2013-08-14 16:00 - 00001244 _____ () C:\Users\Oliver\Desktop\Revo Uninstaller.lnk
2015-05-14 10:13 - 2012-11-25 22:15 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-14 10:13 - 2012-11-25 22:15 - 00000000 ____D () C:\Program Files\Adobe
2015-05-14 10:12 - 2012-06-24 08:01 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-14 00:32 - 2014-12-21 14:39 - 03917872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 00:30 - 2012-07-28 17:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 00:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-13 23:24 - 2014-11-30 11:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-13 22:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-05-13 22:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-05-13 22:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-13 09:02 - 2014-12-10 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-08 06:55 - 2015-03-27 10:51 - 270438553 _____ () C:\Windows\MEMORY.DMP
2015-05-04 15:59 - 2014-08-17 18:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-03 12:39 - 2012-10-28 19:49 - 00742912 ___SH () C:\Users\Oliver\Downloads\Thumbs.db
2015-05-03 12:16 - 2014-11-30 12:34 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\DVDVideoSoft
2015-05-03 12:16 - 2014-08-03 16:07 - 00001213 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-05-03 12:16 - 2014-08-03 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-05-03 12:16 - 2014-08-03 16:06 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-05-03 12:16 - 2013-06-30 12:35 - 00002316 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-05-03 12:15 - 2014-08-03 16:06 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-05-03 11:53 - 2015-02-15 14:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-03 11:37 - 2013-08-04 10:59 - 00000000 ____D () C:\Program Files\AntiBrowserSpy
2015-05-03 11:36 - 2015-02-15 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy
2015-05-03 11:36 - 2012-06-24 08:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Abelssoft
2015-05-03 11:36 - 2012-06-24 00:29 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Mozilla
2015-04-30 10:07 - 2012-06-24 08:23 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-05-29 15:04 - 2013-06-16 14:30 - 8334304 _____ (WindSolutions) C:\Program Files\CopyTransManager.exe
2012-01-05 18:39 - 2013-06-16 14:30 - 0012943 _____ () C:\Program Files\License Agreement.rtf
2014-11-30 13:12 - 2014-11-30 13:12 - 0000000 _____ () C:\Users\Oliver\AppData\Roaming\gdfw.log
2014-11-30 13:12 - 2014-11-30 13:12 - 0000779 _____ () C:\Users\Oliver\AppData\Roaming\gdscan.log
2012-09-30 21:24 - 2012-10-28 15:08 - 0010752 _____ () C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-08 09:40 - 2013-03-08 09:40 - 0000017 _____ () C:\Users\Oliver\AppData\Local\resmon.resmoncfg
2012-06-24 07:54 - 2012-06-24 07:54 - 0017408 _____ () C:\Users\Oliver\AppData\Local\WebpageIcons.db
2012-09-23 10:48 - 2012-09-23 10:48 - 0000045 _____ () C:\ProgramData\.SimImages
2014-03-29 11:01 - 2014-03-29 11:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Oliver\ashampoo_burning_studio_2013_11.0.6_12630.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-17 16:42

==================== End Of Log ============================
         


The PC isn't causing any problems.

20.05.2015, 11:04   #14
schrauber
/// the machine
/// TB trainer

Update Java and Flash.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\Program Files\Free Videos To DVD\Helper.dll

C:\Program Files\Free Videos To DVD\Uninstall.exe

C:\Program Files\IObit\ManageMyMobile\MobileCare.apk

C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\user.js

C:\Users\Oliver\Downloads\ashampoo_burning_studio_2012_cbe_11.0.4_sd.exe

C:\Users\Oliver\Downloads\ashampoo_burning_studio_6_free_6.81_4312+(1).exe

C:\Users\Oliver\Downloads\ashampoo_photo_commander_9_9.4.3_11587.exe

C:\Users\Oliver\Downloads\ashampoo_winoptimizer_2012_8.1.4_11293.exe

C:\Users\Oliver\Downloads\ashampoo_winoptimizer_6_6.60_7259.exe

C:\Users\Oliver\Downloads\Cain Abel - CHIP-Installer.exe

C:\Users\Oliver\Downloads\cbsidlm-cbsi5_4_0_104-Advanced_SystemCare-BP-10407614.exe

C:\Users\Oliver\Downloads\ccsetup501_CB-DL-Manager.exe

C:\Users\Oliver\Downloads\die_bestimmer.exe

C:\Users\Oliver\Downloads\FreeYouTubeToMP3Converter31126.exe

C:\Users\Oliver\Downloads\FreeYouTubeToMP3Converter33.exe

C:\Users\Oliver\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe

C:\Users\Oliver\Downloads\Microsoft NET Framework 4 5 2 - CHIP-Installer.exe

C:\Users\Oliver\Downloads\SpyBot Search Destroy - CHIP-Installer.exe

C:\Users\Oliver\Downloads\spybot-2.4_CB-DL-Manager.exe

C:\Users\Oliver\Downloads\T Online Software - CHIP-Installer.exe

C:\Users\Oliver\Downloads\VLC media player 32 Bit - CHIP-Installer.exe

C:\Users\Oliver\Downloads\Windows-Movie-Maker-2012-Setup.exe

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\ldrtbAsh0.dll

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\ldrtbAsh2.dll

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\tbAsh0.dll

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\tbAsh1.dll

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Ashampoo_DE\tbAsh2.dll

C:\Windows.old\Program Files\tbsoft.dll

C:\Windows.old\Program Files\Conduit\Community Alerts\Alert.dll

C:\Windows.old\Program Files\ConduitEngine\ConduitEngine.dll

C:\Windows.old\Program Files\DVDVideoSoftTB\ldrtbDVDV.dll

C:\Windows.old\Program Files\DVDVideoSoftTB\tbDVDV.dll

C:\Windows.old\Program Files\MyAshampoo\ldrtbMyA0.dll

C:\Windows.old\Program Files\MyAshampoo\tbMyA0.dll

C:\Windows.old\Program Files\MyAshampoo\tbMyA1.dll

C:\Windows.old\Program Files\MyAshampoo\tbMyAs.dll

C:\Windows.old\Program Files\softonic-de3\ldrtbsof2.dll

C:\Windows.old\Program Files\softonic-de3\tbsof0.dll

C:\Windows.old\Program Files\softonic-de3\tbsof1.dll

C:\Windows.old\Program Files\softonic-de3\tbsof2.dll

C:\Windows.old\Program Files\softonic-de3\tbsoft.dll

C:\Windows.old\ProgramData\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}\iLividSetupV1.res

C:\Windows.old\Users\All Users\Anwendungsdaten\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}\iLividSetupV1.res

C:\Windows.old\Users\All Users\Application Data\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}\iLividSetupV1.res

C:\Windows.old\Users\All Users\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}\iLividSetupV1.res

C:\Windows.old\Users\Oliver\AppData\Local\Temp\GLF52C5.tmp.tbsoft.dll

C:\Windows.old\Users\Oliver\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll

C:\Windows.old\Users\Oliver\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll

C:\Windows.old\Users\Oliver\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll

C:\Windows.old\Users\Oliver\AppData\LocalLow\MyAshampoo\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll

C:\Windows.old\Users\Oliver\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll

C:\Windows.old\Users\Oliver\Desktop\softonic-Deutsch.exe

C:\Windows.old\Users\Oliver\Documents\FreeYouTubeToMp3Converter36.exe

C:\Windows.old\Users\Oliver\Downloads\agsetup183se.exe

C:\Windows.old\Users\Oliver\Downloads\FreeAudioCDToMP3Converter.exe

C:\Windows.old\Users\Oliver\Downloads\FreeYouTubeToiPodConverter.exe

C:\Windows.old\Users\Oliver\Downloads\FreeYouTubeToiPodConverter31014.exe

C:\Windows.old\Users\Oliver\Downloads\FreeYouTubeToMP3Converter.exe

C:\Windows.old\Users\Oliver\Eigene Dateien\FreeYouTubeToMp3Converter36.exe

C:\Windows.old\Users\Oliver\Lokale Einstellungen\Temp\GLF52C5.tmp.tbsoft.dll

C:\Windows.old\Windows\Installer\37c964f.msi

C:\Windows.old\Windows\System32\config\Oliver\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll

C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll

C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll

C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll

C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\MyAshampoo\ldrtbMyA0.dll

C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\MyAshampoo\tbMyA0.dll

C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\softonic-de3\ldrtbsof2.dll

C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\softonic-de3\tbsof2.dll

C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll

E:\Programme\ashampoo_burning_studio_6_free_6.80_3639.exe

E:\Programme\ashampoo_winoptimizer_6_6.60_7259.exe

E:\Programme\FreeYouTubeToMp3Converter(2).exe

H:\Alter PC\Programme\ashampoo_burning_studio_6_free_6.80_3639.exe

H:\Alter PC\Programme\ashampoo_winoptimizer_6_6.60_7259.exe

H:\Alter PC\Programme\FreeYouTubeToMp3Converter(2).exe

H:\Maxtor backup\OLIVER-PC\E\Programme\ashampoo_burning_studio_6_free_6.80_3639.exe

H:\Maxtor backup\OLIVER-PC\E\Programme\ashampoo_winoptimizer_6_6.60_7259.exe

H:\Maxtor backup\OLIVER-PC\E\Programme\FreeYouTubeToMp3Converter(2).exe

H:\Maxtor backup\OLIVER-PC\I\Programme\ashampoo_burning_studio_6_free_6.80_3639.exe

H:\Maxtor backup\OLIVER-PC\I\Programme\ashampoo_winoptimizer_6_6.60_7259.exe

H:\Maxtor backup\OLIVER-PC\I\Programme\FreeYouTubeToMp3Converter(2).exe

H:\OLIVER-PC\Backup Set 2010-07-24 094900\Backup Files 2010-07-25 201733\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2010-07-24 094900\Backup Files 2010-08-01 190000\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2010-07-24 094900\Backup Files 2010-08-21 212327\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2010-08-22 190000\Backup Files 2010-08-22 190000\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2010-08-22 190000\Backup Files 2010-09-20 082458\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2010-09-26 202645\Backup Files 2010-09-26 202645\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2010-11-01 082728\Backup Files 2010-11-01 082728\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2010-12-06 195443\Backup Files 2010-12-06 195443\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2011-01-09 190000\Backup Files 2011-01-09 190000\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2011-02-06 190000\Backup Files 2011-02-06 190000\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2011-02-13 201758\Backup Files 2011-02-13 201758\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2011-03-13 190000\Backup Files 2011-03-13 190000\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2011-04-17 190000\Backup Files 2011-04-17 190000\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2011-04-17 190000\Backup Files 2011-05-01 190000\Backup files 4.zip

H:\OLIVER-PC\Backup Set 2011-04-17 190000\Backup Files 2011-05-01 190000\Backup files 5.zip

H:\OLIVER-PC\Backup Set 2011-05-08 205057\Backup Files 2011-05-08 205057\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2011-05-08 205057\Backup Files 2011-05-08 205057\Backup files 2.zip

H:\OLIVER-PC\Backup Set 2011-06-27 144808\Backup Files 2011-06-27 144808\Backup files 1.zip

H:\OLIVER-PC\Backup Set 2011-06-27 144808\Backup Files 2011-06-27 144808\Backup files 2.zip

H:\OLIVER-PC\Backup Set 2011-06-27 144808\Backup Files 2011-07-31 190001\Backup files 2.zip

H:\OLIVER-PC\Backup Set 2011-06-27 144808\Backup Files 2011-07-31 190001\Backup files 3.zip
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-718057176-2926429940-2907879898-1001\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2059264 2014-09-09] (J3S GmbH)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-12-16] (Microsoft Corporation) <==== ATTENTION 
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix.
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
On Windows, enable automatic updates. Security-relevant software should also always be kept at the latest version only:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware "drive-by" on a simple visit to a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is best to uninstall it first and then remove the leftovers with Adwarecleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
