| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Laptop infiziert - Öffnet selbstständig ProgrammeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.05.2015, 15:27
| #1 |
 |  Laptop infiziert - Öffnet selbstständig Programme Hallo, Habe leider eine hartnäckigen Besucher auf meinem Laptop. Die Maus wird ferngesteuert und öffnet selbstständig Programme. Manchmal ist dies sofort nach dem Start, oder erst nach einiger Zeit. Habe schon ein Malware-Programm und Anti-Spy durchgefürhrt. Die finden zwar etwas und bereinigen, aber das Problem ist nicht behoben. Spätestens nach dem zweiten Starten ist es wieder wie vorher. Bitte um Hilfestellunh. Viele Grüsse Ernst |
|
21.05.2015, 16:17
| #2 |
| /// the machine /// TB-Ausbilder    | Laptop infiziert - Öffnet selbstständig Programme hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
21.05.2015, 18:05
| #3 |
| | FRST und Additional Hi Schrauber,
__________________danke für die schnelle Info. Hier ist die FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015 Ran by dermauel (administrator) on DERMAUEL-PC on 21-05-2015 18:53:21 Running from C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads Loaded Profiles: dermauel (Available profiles: dermauel) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Nero AG) C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Spotify Ltd) C:\Users\dermauel\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Dropbox, Inc.) C:\Users\dermauel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Farbar) C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\FRST64 (2).exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-16] (SUPERAntiSpyware) HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Run: [Spotify Web Helper] => C:\Users\dermauel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-15] (Spotify Ltd) Startup: C:\Users\dermauel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-29] ShortcutTarget: Dropbox.lnk -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = SearchScopes: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000 -> {3A61CA71-E5DB-4CFB-990F-BB9C6913C26A} URL = https://www.google.com/search?q={searchTerms} BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-07] (DVDVideoSoft Ltd.) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-11] (DVDVideoSoft Ltd.) Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Toolbar: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1760913815-1977244394-2032619341-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKU\S-1-5-21-1760913815-1977244394-2032619341-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dermauel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-07-15] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013-07-15] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-07-15] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-07-15] FF HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-15] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bookmark Manager) - C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM-x32\...\Chrome\Extension: [ildldcbkkbkhnjghnbidklpepakbepnd] - C:\Users\dermauel\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-05-16] (SUPERAntiSpyware.com) R2 DeviceMonitorService; C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [87336 2010-08-06] (Nero AG) R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-17] (WildTangent) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.) R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2014-01-28] () R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2011-03-24] (Jungo) S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-21 15:47 - 2015-05-21 15:47 - 00030814 _____ () C:\ComboFix.txt 2015-05-21 14:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-21 14:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-05-21 14:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-21 14:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-21 14:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-21 14:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-21 14:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-21 14:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-21 14:45 - 2015-05-21 15:47 - 00000000 ____D () C:\Qoobox 2015-05-21 14:44 - 2015-05-21 15:43 - 00000000 ____D () C:\Windows\erdnt 2015-05-21 13:47 - 2015-05-21 13:47 - 00000000 ____D () C:\Users\dermauel\Documents\Fax 2015-05-18 19:40 - 2015-05-21 18:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-18 19:40 - 2015-05-18 19:40 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-18 19:40 - 2015-05-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-18 19:40 - 2015-05-18 19:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-18 19:40 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-18 19:40 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-18 19:40 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-15 17:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-15 17:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-15 16:54 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-15 16:54 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-15 16:54 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-15 16:54 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-15 16:54 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-15 16:54 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-15 16:53 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-15 16:53 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-15 16:53 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-15 16:53 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-15 16:53 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-15 16:53 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-15 16:53 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-15 16:53 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-15 16:53 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-15 16:53 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-15 16:53 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-15 16:53 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-15 16:53 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-15 16:53 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-15 16:53 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-15 16:53 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-15 16:53 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-15 16:53 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-15 16:53 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-15 16:53 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-15 16:53 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-15 16:53 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-15 16:53 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-15 16:53 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-15 16:53 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-15 16:53 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-15 16:53 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-15 16:53 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-15 16:53 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-15 16:53 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-15 16:53 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-15 16:53 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-15 16:53 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-15 16:53 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-15 16:53 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-15 16:53 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-15 16:53 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-15 16:53 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-15 16:53 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-15 16:53 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-15 16:53 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-15 16:53 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-15 16:53 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-15 16:53 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-15 16:53 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-15 16:53 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-15 16:53 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-15 16:53 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-15 16:53 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-15 16:53 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-15 16:53 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-15 16:53 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-15 16:53 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-15 16:53 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-15 16:53 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-15 16:53 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-15 16:52 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-15 16:52 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-15 16:52 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-15 16:52 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-15 16:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-15 16:49 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-15 16:49 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-15 16:49 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-15 16:49 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-15 16:49 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-15 16:49 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-15 16:49 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-15 16:49 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-15 16:49 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-15 16:49 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-15 16:49 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-15 16:49 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-15 16:49 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-15 16:49 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-15 16:49 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-15 16:49 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-15 16:49 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-15 16:49 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-15 16:49 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-15 16:49 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-15 16:49 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-15 16:49 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-15 16:49 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-15 16:49 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-15 16:47 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-15 16:47 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-15 16:47 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-15 16:47 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-15 16:47 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-15 16:47 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-15 16:47 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-15 16:47 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-15 16:47 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-15 16:46 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-15 16:46 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-15 16:46 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-15 16:46 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-15 16:46 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-15 16:46 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-15 16:46 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-06 18:16 - 2015-05-06 18:16 - 00002071 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk 2015-05-06 18:15 - 2015-05-06 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-21 18:53 - 2014-05-14 16:50 - 00000000 ____D () C:\FRST 2015-05-21 18:52 - 2010-10-19 18:11 - 02078430 _____ () C:\Windows\WindowsUpdate.log 2015-05-21 18:50 - 2014-03-04 15:38 - 00000000 ____D () C:\Temp 2015-05-21 18:50 - 2013-06-11 18:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-21 18:49 - 2014-05-23 21:04 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-05-21 18:49 - 2014-01-03 15:31 - 00000000 ____D () C:\Program Files (x86)\Motorola Media Link 2015-05-21 18:48 - 2014-08-18 18:34 - 00020995 _____ () C:\Windows\setupact.log 2015-05-21 18:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-21 18:46 - 2012-03-30 10:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2015-05-21 16:39 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-21 16:39 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-21 16:26 - 2010-10-20 04:00 - 00703230 _____ () C:\Windows\system32\perfh007.dat 2015-05-21 16:26 - 2010-10-20 04:00 - 00150838 _____ () C:\Windows\system32\perfc007.dat 2015-05-21 16:26 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-21 16:25 - 2012-01-01 13:34 - 00001150 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000UA.job 2015-05-21 16:25 - 2012-01-01 13:34 - 00001128 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000Core.job 2015-05-21 16:08 - 2012-03-28 16:34 - 00000000 ____D () C:\ProgramData\Lexware 2015-05-21 16:03 - 2014-08-22 16:29 - 00000000 ___RD () C:\Users\dermauel\Dropbox 2015-05-21 16:03 - 2014-08-22 16:26 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Dropbox 2015-05-21 16:02 - 2014-08-18 18:33 - 00166178 _____ () C:\Windows\PFRO.log 2015-05-21 15:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-05-21 15:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-21 15:31 - 2013-06-11 18:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-21 15:19 - 2012-04-06 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-21 15:02 - 2013-12-04 19:58 - 00001007 _____ () C:\Windows\wiso.ini 2015-05-21 15:01 - 2012-06-21 11:33 - 00000071 _____ () C:\Windows\iltwain.ini 2015-05-21 15:01 - 2011-03-13 22:35 - 00000000 ____D () C:\Users\dermauel\AppData\Local\CrashDumps 2015-05-21 15:01 - 2011-01-03 17:48 - 00000000 ____D () C:\Users\dermauel 2015-05-21 14:59 - 2012-02-24 20:47 - 00000836 _____ () C:\Windows\MyHeritage.INI 2015-05-21 13:47 - 2013-03-14 18:05 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Audacity 2015-05-21 13:28 - 2015-04-04 23:43 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-05-21 13:28 - 2015-04-04 23:43 - 00000000 ___SD () C:\Windows\system32\GWX 2015-05-21 13:26 - 2012-05-20 15:12 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Spotify 2015-05-21 13:26 - 2012-05-20 15:12 - 00000000 ____D () C:\Users\dermauel\AppData\Local\Spotify 2015-05-21 13:25 - 2013-06-11 18:26 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-21 13:25 - 2013-06-11 18:26 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-18 20:37 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\dermauel\AppData\Local\com 2015-05-18 19:21 - 2014-08-16 15:39 - 00000000 ____D () C:\Program Files (x86)\F10DE075-EE9C-4182-AE10-C6767F4F23FB 2015-05-18 19:21 - 2012-06-14 10:37 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2015-05-18 19:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-16 12:26 - 2014-02-17 20:00 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Skype 2015-05-16 12:22 - 2012-04-13 14:55 - 00000000 ____D () C:\CareLink Data 2015-05-15 18:19 - 2009-07-14 06:45 - 00431120 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-15 18:15 - 2010-09-08 05:25 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-15 18:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-15 18:14 - 2013-03-14 11:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-15 18:06 - 2011-02-22 20:27 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-05-15 18:06 - 2011-02-22 20:08 - 00002129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-15 18:05 - 2011-02-22 20:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-05-15 18:05 - 2011-02-22 20:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-15 18:04 - 2011-02-22 20:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-15 18:02 - 2013-08-14 19:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-15 17:49 - 2011-01-04 22:34 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-15 17:40 - 2013-03-14 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-15 17:38 - 2013-03-14 11:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-15 16:55 - 2013-11-30 21:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-12 19:44 - 2012-04-24 12:20 - 00000000 ____D () C:\RSM Fire Protection 2015-05-09 11:52 - 2013-12-09 17:36 - 00000000 ____D () C:\Users\dermauel\Documents\Steuer-Sparbuch 2015-05-09 10:21 - 2014-08-22 16:29 - 00001041 _____ () C:\Users\dermauel\Desktop\Dropbox.lnk 2015-05-09 10:21 - 2014-08-22 16:28 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-09 10:21 - 2012-07-15 17:21 - 00003115 _____ () C:\Windows\wininit.ini 2015-05-06 22:29 - 2012-05-08 12:19 - 00000000 ____D () C:\Users\dermauel\Documents\Kompanie 2015-05-06 18:53 - 2013-02-28 21:46 - 00000000 ____D () C:\Users\dermauel\Documents\Nagelstudio 2015-05-06 18:16 - 2013-12-04 19:58 - 00000000 ____D () C:\Users\dermauel\AppData\Local\Buhl 2015-05-06 18:11 - 2014-05-22 18:36 - 00000000 ____D () C:\Program Files (x86)\WISO 2015-05-06 18:11 - 2010-09-08 05:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-04-29 21:06 - 2012-06-14 15:13 - 00000144 _____ () C:\Windows\Pcfk32.INI ==================== Files in the root of some directories ======= 2011-03-24 10:08 - 2011-03-24 10:08 - 0458752 ____R (Macromedia) C:\Program Files (x86)\Common Files\HHActiveX.dll 1997-09-04 01:00 - 1997-09-04 01:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msacc8.olb 2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\dermauel\AppData\Roaming\KATMK 2013-04-15 20:35 - 2013-04-15 20:35 - 0001181 _____ () C:\Users\dermauel\AppData\Roaming\trace_FilterInstaller.1.txt 2013-04-15 20:35 - 2014-01-28 18:44 - 0001181 _____ () C:\Users\dermauel\AppData\Roaming\trace_FilterInstaller.txt 2013-04-15 20:35 - 2014-01-28 18:44 - 0000000 _____ () C:\Users\dermauel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2014-08-23 14:22 - 2014-08-23 14:22 - 0000042 _____ () C:\Users\dermauel\AppData\Roaming\WB.CFG 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\dermauel\AppData\Roaming\WHNKTVR 2013-07-27 15:50 - 2013-07-27 15:50 - 0081582 _____ () C:\Users\dermauel\AppData\Roaming\zulagames.ico 2011-08-22 14:47 - 2012-01-18 18:50 - 0008192 _____ () C:\Users\dermauel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-07-21 16:44 - 2013-05-04 19:04 - 0004096 ____H () C:\Users\dermauel\AppData\Local\keyfile3.drm 2012-11-25 16:34 - 2013-04-23 19:03 - 0007608 _____ () C:\Users\dermauel\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\dermauel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzf86xi.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-18 18:49 ==================== End Of Log ============================ Und hier die Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015 Ran by dermauel at 2015-05-21 18:55:02 Running from C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1760913815-1977244394-2032619341-500 - Administrator - Disabled) dermauel (S-1-5-21-1760913815-1977244394-2032619341-1000 - Administrator - Enabled) => C:\Users\dermauel Gast (S-1-5-21-1760913815-1977244394-2032619341-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1760913815-1977244394-2032619341-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}) (Version: 3.0.758.0 - ATI Technologies, Inc.) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation) Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Caribbean Mah Jong (x32 Version: 2.2.0.97 - WildTangent) Hidden ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.) Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell) Lexware buchhalter 2012 (HKLM-x32\...\{0197D136-598D-4968-BEEA-91C1B764F05D}) (Version: 17.02.00.0185 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (HKLM-x32\...\{B7A20537-1A1F-47D4-8526-DC9BABB315FD}) (Version: 12.10.00.0274 - Haufe-Lexware GmbH & Co.KG) Lexware faktura+auftrag 2012 (HKLM-x32\...\{E8033CB5-A8DF-47B3-BDE9-1796626994C6}) (Version: 16.02.00.0138 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (HKLM-x32\...\{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}) (Version: 2.80.00.0007 - Haufe-Lexware GmbH & Co.KG) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Medtronic CareLink Pro (HKLM-x32\...\InstallShield_{AF366EA3-794B-4A74-A1A4-8BFDF042A05C}) (Version: 2.5.0000 - Medtronic, Inc.) Medtronic CareLink Pro (x32 Version: 2.5.0000 - Medtronic, Inc.) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft) Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility) Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden MOTOROLA MEDIA LINK (HKLM-x32\...\{D9DC70B6-BE13-41DD-9053-9E617E72D085}) (Version: 1.2.1400.1 - Motorola) Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 6.0.0.5634 - MyHeritage.com) Nero 9 Essentials (HKLM-x32\...\{16337ff7-9fb9-4476-837b-acc962fc4bc5}) (Version: - Nero AG) NetObjects Fusion 12.0 (HKLM-x32\...\{870AEFA8-3A0C-4A28-9E52-843E386B9061}) (Version: 12 German - NetObjects) NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5222 - NetObjects) Hidden Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.2.5 - WildTangent) Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell) Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell) Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell) Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell) Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2010 - Packard Bell ) Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.) Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) PDF to BMP JPG TIFF Converter 2.32 (HKLM-x32\...\PDF To BMP JPG TIFF Converter_is1) (Version: 2.32 - Blue Label Soft) PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.) ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) solut Kassenbuch 3.21 (HKLM-x32\...\solut Kassenbuch_is1) (Version: 3.21 - solut consulting software services) solut Mitgliederverwaltung 1.03 (HKLM-x32\...\solut Mitgliederverwaltung_is1) (Version: 1.03 - solut consulting software services) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spotify (HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Spotify) (Version: 1.0.5.178.g885b099b - Spotify AB) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.4.6 - liteon) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinZip 17.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DC}) (Version: 17.5.10562 - WinZip Computing, S.L. ) WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{9CAB507F-0430-464B-B703-59C3005EA3FC}) (Version: 21.00.8480 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{F007AA1D-B0EB-4992-B271-BAD7724B7F77}) (Version: 22.00.8811 - Buhl Data Service GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip\adxloader64.dll () CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 06-05-2015 18:11:15 Installiert WISO Steuer-Sparbuch 2015 07-05-2015 20:25:02 Windows Update 11-05-2015 19:39:40 Windows Update 15-05-2015 17:36:14 Windows Update 19-05-2015 18:18:05 Windows Update 21-05-2015 13:28:08 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-05-21 15:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06458491-4AE0-4EEE-8BE6-93B32339E45A} - System32\Tasks\{F83E5244-A10A-417D-992F-90D4F325D67D} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge Task: {12056C9C-7EA5-4190-9370-297F845656E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated) Task: {14A8A579-E2AC-4A8D-89C6-81468ADB6333} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11] (Google Inc.) Task: {19FDA9BA-9583-4B80-81BD-F8233DC0AE3B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {2BEDE67E-73B9-4D1E-9063-F51B48B0C90E} - System32\Tasks\5028 => Wscript.exe C:\Users\dermauel\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {355B0311-CF65-4708-85DC-B79861BFF7E2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000UA => C:\Users\dermauel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {3B38B740-D4E7-4616-BC9C-A59FBB1654AD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000Core => C:\Users\dermauel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {4135D9BE-18E2-492E-B127-23C9E80F2042} - System32\Tasks\{C2BC2C05-B64A-491F-B373-31B0F7748928} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 10.0\Fusion.exe Task: {46F95103-77BD-446D-B602-6C6FD1546860} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () Task: {4FDCC957-4763-4101-946D-78F6311C2A01} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {71AEE8A1-CA3A-4BF7-8974-61E1AE112565} - System32\Tasks\{EA1C233D-C9BE-4906-951C-5797F7E412B1} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.370&LastError=404 Task: {79C7FB87-9658-4D91-A9B5-CCAE162DC34D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {8190C633-7D26-4214-B3AE-E12411D921AB} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {85B3E94E-6574-436A-8ED7-6AB2B726788F} - System32\Tasks\{88C15AD2-C0DC-4ED8-85DB-1A499A6230DC} => pcalua.exe -a C:\Users\dermauel\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=tugs Task: {9E56C745-71D9-481D-B616-099A1E69D5B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11] (Google Inc.) Task: {A16F7AB1-E3A9-48CD-AE2A-D6805388953A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {A5C77EA7-782E-4D0F-87AF-C54EBA9CDC25} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () Task: {C8EC20B0-7D76-4708-BBA4-DF309678F9BE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {D7A2FD7A-14EA-47CD-8A53-9689B7FE8D81} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () Task: {ECF25EF1-B878-4B22-9CBE-7ED6405DA8AD} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {F5B8B747-1F94-47E5-8F6B-B71C5F5C6D00} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {FBD21337-0116-4417-8030-D9F782C7EAA2} - System32\Tasks\{8D5C778C-44CD-4CBE-ACC3-8DB0CFCB30AC} => pcalua.exe -a "C:\Users\dermauel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGZTNM61\free-wma-mp3-converter.exe" -d C:\Users\dermauel\Desktop Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000Core.job => C:\Users\dermauel\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000UA.job => C:\Users\dermauel\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2010-01-07 14:42 - 2010-01-07 14:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-10-19 18:11 - 2010-10-19 18:11 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-08-06 15:12 - 2010-08-06 15:12 - 00116008 _____ () C:\Program Files (x86)\Motorola Media Link\liveupdatetactics.dll 2010-08-06 15:12 - 2010-08-06 15:12 - 00023848 _____ () C:\Program Files (x86)\Motorola Media Link\DbAccess.dll 2010-08-06 15:10 - 2010-08-06 15:10 - 00460199 ____R () C:\Program Files (x86)\Motorola Media Link\sqlite3.dll 2010-08-06 15:09 - 2010-08-06 15:09 - 00026624 ____R () C:\Program Files (x86)\Motorola Media Link\NFileCacheDBAccess.dll 2013-10-31 17:05 - 2013-10-31 17:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll 2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll 2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll 2010-10-20 03:50 - 2009-05-21 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2015-05-21 18:50 - 2015-05-21 18:50 - 00043008 _____ () c:\users\dermauel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzf86xi.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\dermauel\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\dermauel\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\dermauel\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\dermauel\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:11590865 AlternateDataStreams: C:\ProgramData\Temp:364682BC AlternateDataStreams: C:\ProgramData\Temp:6A9CA6CB AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD AlternateDataStreams: C:\ProgramData\Temp:96372A73 AlternateDataStreams: C:\ProgramData\Temp:A2B3764A AlternateDataStreams: C:\ProgramData\Temp  0757AABAlternateDataStreams: C:\ProgramData\Temp:E37F131C AlternateDataStreams: C:\ProgramData\Temp:E8B61305 AlternateDataStreams: C:\ProgramData\Temp:E9900C74 AlternateDataStreams: C:\ProgramData\Temp:F98E6C67 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dermauel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoWebCamera.exe.lnk => C:\Windows\pss\VideoWebCamera.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^dermauel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\dermauel\AppData\Local\Smartbar\Application\QuickShare.exe startup MSCONFIG\startupreg: Facebook Update => "C:\Users\dermauel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray MSCONFIG\startupreg: NokiaPCInternetAccess => "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Spotify => "C:\Users\dermauel\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\dermauel\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [{155EB3F0-E18D-43A7-A779-3C4CB3839461}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{2AAF9657-23BF-4041-BD13-F0AA54267B2E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{D82CE361-D066-4C4D-9CEB-84F6DACA5980}] => (Allow) svchost.exe FirewallRules: [{00EAECC1-E5C1-4B1A-A76E-F4C4E4F41A7B}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{1C27EEF3-A380-4C2E-9C20-C3B3765793DF}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{02D46C41-B4EB-4DE0-ADCB-D8502E30D23E}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{A6167B4D-4DDC-4284-9A90-399BBAE0C2E2}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{3058BE66-315F-430D-9F5C-72A987AA7F0A}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [TCP Query User{5690C590-1C59-4A6F-A000-957BEB36F6C5}C:\users\dermauel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dermauel\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{55CFE107-525F-4036-A2E5-C5A4F3F157F8}C:\users\dermauel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dermauel\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{C52C5BB3-7877-40C7-AF51-65ADD10778B5}C:\users\dermauel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dermauel\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{EBDA4A36-29F4-4AB2-8392-62801CD19852}C:\users\dermauel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dermauel\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{FB419489-B9B7-4FBF-9BA7-C995545B2898}C:\program files (x86)\motorola media link\mml.exe] => (Allow) C:\program files (x86)\motorola media link\mml.exe FirewallRules: [UDP Query User{B8B8F3CC-1307-42A6-951F-E45CE144B631}C:\program files (x86)\motorola media link\mml.exe] => (Allow) C:\program files (x86)\motorola media link\mml.exe FirewallRules: [{E7D51414-07AD-4610-94FB-D44A9C3A17CA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A3DDB784-0E97-454F-8313-B1A155AA4B64}] => (Allow) C:\Users\dermauel\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{95874CB7-8E29-41B1-9BBD-B7E34784AD9D}] => (Allow) C:\Users\dermauel\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{B0E05B67-261D-401D-94CC-2CE6E8E345B5}] => (Allow) C:\Users\dermauel\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{D21630FB-4E0D-419F-8D8A-035597CCC261}C:\program files (x86)\motorola media link\mml.exe] => (Allow) C:\program files (x86)\motorola media link\mml.exe FirewallRules: [UDP Query User{5EB994F5-963B-423F-8178-5E9FDD22FF9B}C:\program files (x86)\motorola media link\mml.exe] => (Allow) C:\program files (x86)\motorola media link\mml.exe FirewallRules: [{140CF100-BB9F-460D-9B2F-97C3416940A2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{038F006B-7C87-4333-B502-6BC2B76AE065}C:\users\dermauel\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dermauel\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{9BCE0409-9C86-4632-BA65-199922F9388E}C:\users\dermauel\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dermauel\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{A50A65E5-3A63-408C-8B39-DBABC8DF822D}C:\users\dermauel\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\dermauel\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light FirewallRules: [UDP Query User{CE2153BC-CB93-46FA-91D0-91DE2E88B2F5}C:\users\dermauel\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\dermauel\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light FirewallRules: [{F3580BC8-0BCA-43A5-8A14-DD3DED08AC13}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/21/2015 04:09:27 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Pcfk32.exe, Version 16.2.0.149 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 136c Startzeit: 01d093cf91b4ec50 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Lexware\faktura + auftrag\2012\Pcfk32.exe Berichts-ID: d6b2d229-ffc2-11e4-8fe2-206a8a1eaa62 Error: (05/21/2015 03:01:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fusion.exe, Version: 12.0.5000.5222, Zeitstempel: 0x52f9c922 Name des fehlerhaften Moduls: MFC71.DLL, Version: 7.10.3077.0, Zeitstempel: 0x3e77fdfd Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a3a3 ID des fehlerhaften Prozesses: 0x78c Startzeit der fehlerhaften Anwendung: 0xFusion.exe0 Pfad der fehlerhaften Anwendung: Fusion.exe1 Pfad des fehlerhaften Moduls: Fusion.exe2 Berichtskennung: Fusion.exe3 Error: (05/21/2015 03:00:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fusion.exe, Version: 12.0.5000.5222, Zeitstempel: 0x52f9c922 Name des fehlerhaften Moduls: MFC71.DLL, Version: 7.10.3077.0, Zeitstempel: 0x3e77fdfd Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a3a3 ID des fehlerhaften Prozesses: 0x78c Startzeit der fehlerhaften Anwendung: 0xFusion.exe0 Pfad der fehlerhaften Anwendung: Fusion.exe1 Pfad des fehlerhaften Moduls: Fusion.exe2 Berichtskennung: Fusion.exe3 Error: (05/21/2015 01:51:39 PM) (Source: Outlook) (EventID: 35) (User: ) Description: Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error: (05/21/2015 01:51:39 PM) (Source: Outlook) (EventID: 34) (User: ) Description: Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c. Error: (05/21/2015 01:51:39 PM) (Source: Outlook) (EventID: 35) (User: ) Description: Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error: (05/21/2015 01:51:39 PM) (Source: Outlook) (EventID: 34) (User: ) Description: Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c. Error: (05/21/2015 01:49:56 PM) (Source: Outlook) (EventID: 35) (User: ) Description: Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error: (05/21/2015 01:49:56 PM) (Source: Outlook) (EventID: 34) (User: ) Description: Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c. Error: (05/21/2015 01:49:49 PM) (Source: Outlook) (EventID: 35) (User: ) Description: Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). System errors: ============= Error: (05/21/2015 06:50:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/21/2015 06:45:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/21/2015 04:36:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/21/2015 04:22:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/21/2015 04:18:23 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Diagnostics Tracking Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (05/21/2015 04:18:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/21/2015 04:03:46 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/21/2015 03:41:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/21/2015 03:40:31 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (05/21/2015 03:34:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Microsoft Office Sessions: ========================= Error: (04/09/2015 08:34:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 361 seconds with 180 seconds of active time. This session ended with a crash. Error: (02/03/2014 07:56:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2319 seconds with 2160 seconds of active time. This session ended with a crash. Error: (11/11/2013 11:25:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13529 seconds with 780 seconds of active time. This session ended with a crash. Error: (07/19/2013 05:54:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90913 seconds with 1920 seconds of active time. This session ended with a crash. Error: (06/22/2013 03:09:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20251 seconds with 240 seconds of active time. This session ended with a crash. Error: (03/19/2013 07:22:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17980 seconds with 1140 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-05-21 15:40:31.616 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-05-21 15:40:31.367 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 41% Total physical RAM: 3956.5 MB Available physical RAM: 2322.94 MB Total Pagefile: 7911.2 MB Available Pagefile: 5839.74 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:452.97 GB) (Free:362.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F273F273) Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Viele Grüße Ernst |
|
22.05.2015, 10:33
| #4 |
| /// the machine /// TB-Ausbilder | Laptop infiziert - Öffnet selbstständig Programme So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.05.2015, 10:15
| #5 |
| | Laptop infiziert - Öffnet selbstständig Programme Hallo, habe die beiden Programme drüber laufen lassen, aber beide haben anscheinend keine Malware oder ähnliches gefunden. Ich habe nun festgestellt, dass das Problem nur besteht, wenn der Laptop am Netzteil angeschlossen ist. Im Akkubetrieb läuft der problemlos. Hier die beiden Reports von den Programmen und ich versuche, diese nochmal zu starten, wenn der Laptop am Netzteil ist. Bericht mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.05.22.03
rootkit: v2015.05.16.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
dermauel :: DERMAUEL-PC [administrator]
22.05.2015 16:51:18
mbar-log-2015-05-22 (16-51-18).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 389232
Time elapsed: 43 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Und hier Report vom TDSSKILLER: Den muss ich in zwei Posts aufteilen, da der Text zu land ist. Hoffe, dass klappt. Hier Teil 1: Code:
ATTFilter 20:46:50.0700 0x15f4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:46:56.0737 0x15f4 ============================================================
20:46:56.0737 0x15f4 Current date / time: 2015/05/22 20:46:56.0737
20:46:56.0737 0x15f4 SystemInfo:
20:46:56.0737 0x15f4
20:46:56.0737 0x15f4 OS Version: 6.1.7601 ServicePack: 1.0
20:46:56.0737 0x15f4 Product type: Workstation
20:46:56.0737 0x15f4 ComputerName: DERMAUEL-PC
20:46:56.0737 0x15f4 UserName: dermauel
20:46:56.0737 0x15f4 Windows directory: C:\Windows
20:46:56.0737 0x15f4 System windows directory: C:\Windows
20:46:56.0737 0x15f4 Running under WOW64
20:46:56.0737 0x15f4 Processor architecture: Intel x64
20:46:56.0737 0x15f4 Number of processors: 4
20:46:56.0737 0x15f4 Page size: 0x1000
20:46:56.0737 0x15f4 Boot type: Normal boot
20:46:56.0737 0x15f4 ============================================================
20:46:58.0126 0x15f4 KLMD registered as C:\Windows\system32\drivers\20638458.sys
20:46:59.0077 0x15f4 System UUID: {BA7CBA20-EBC9-04D2-DA2F-666F0C564C2D}
20:47:00.0981 0x15f4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:47:00.0981 0x15f4 ============================================================
20:47:00.0981 0x15f4 \Device\Harddisk0\DR0:
20:47:00.0981 0x15f4 MBR partitions:
20:47:00.0981 0x15f4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
20:47:00.0981 0x15f4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
20:47:00.0981 0x15f4 ============================================================
20:47:01.0012 0x15f4 C: <-> \Device\Harddisk0\DR0\Partition2
20:47:01.0012 0x15f4 ============================================================
20:47:01.0012 0x15f4 Initialize success
20:47:01.0012 0x15f4 ============================================================
20:47:11.0573 0x1424 ============================================================
20:47:11.0573 0x1424 Scan started
20:47:11.0573 0x1424 Mode: Manual;
20:47:11.0573 0x1424 ============================================================
20:47:11.0573 0x1424 KSN ping started
20:47:25.0597 0x1424 KSN ping finished: true
20:47:26.0767 0x1424 ================ Scan system memory ========================
20:47:26.0767 0x1424 System memory - ok
20:47:26.0767 0x1424 ================ Scan services =============================
20:47:26.0877 0x1424 [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:47:26.0970 0x1424 !SASCORE - ok
20:47:27.0235 0x1424 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:47:27.0251 0x1424 1394ohci - ok
20:47:27.0329 0x1424 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:47:27.0345 0x1424 ACPI - ok
20:47:27.0391 0x1424 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:47:27.0391 0x1424 AcpiPmi - ok
20:47:27.0532 0x1424 [ 34400005DE52842C4D6D4EE978B4D7CE, E7C3121812284B9FE6A12910C67C98354BAF5DB74865A5B4E0C2E64852BDB50A ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
20:47:27.0532 0x1424 AdobeActiveFileMonitor8.0 - ok
20:47:27.0703 0x1424 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:47:27.0703 0x1424 AdobeARMservice - ok
20:47:27.0859 0x1424 [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:47:27.0875 0x1424 AdobeFlashPlayerUpdateSvc - ok
20:47:27.0937 0x1424 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:47:28.0000 0x1424 adp94xx - ok
20:47:28.0047 0x1424 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:47:28.0093 0x1424 adpahci - ok
20:47:28.0140 0x1424 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:47:28.0140 0x1424 adpu320 - ok
20:47:28.0203 0x1424 [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:47:28.0203 0x1424 AeLookupSvc - ok
20:47:28.0312 0x1424 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
20:47:28.0374 0x1424 AFD - ok
20:47:28.0437 0x1424 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
20:47:28.0437 0x1424 agp440 - ok
20:47:28.0499 0x1424 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
20:47:28.0499 0x1424 ALG - ok
20:47:28.0546 0x1424 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
20:47:28.0561 0x1424 aliide - ok
20:47:28.0593 0x1424 [ 3D90CF67DB75823A8480E56BBCD2E028, 775D58B99ACA606D434713BC00132D43061C37CFEEAECD194FCFDF45792944A3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:47:28.0608 0x1424 AMD External Events Utility - ok
20:47:28.0671 0x1424 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
20:47:28.0671 0x1424 amdide - ok
20:47:28.0702 0x1424 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:47:28.0702 0x1424 AmdK8 - ok
20:47:29.0123 0x1424 [ 52679612D742BF74CA1BA6AB86DDF431, 9D7A8FA8952519AD83CD36038F85B958BC97D1A25596EDC01CA1F6DD45DB542A ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
20:47:29.0529 0x1424 amdkmdag - ok
20:47:29.0622 0x1424 [ 414E0788920A8C856032BE2CBF29F984, 2DD027ADA24C871167C80A2F5C5ED5CB3AEA1E3A4E8C5FD352FA82C33B24479B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:47:29.0638 0x1424 amdkmdap - ok
20:47:29.0669 0x1424 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:47:29.0685 0x1424 AmdPPM - ok
20:47:29.0716 0x1424 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:47:29.0716 0x1424 amdsata - ok
20:47:29.0747 0x1424 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:47:29.0763 0x1424 amdsbs - ok
20:47:29.0794 0x1424 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:47:29.0794 0x1424 amdxata - ok
20:47:29.0856 0x1424 [ 391887990CDAA83DE5C56C3FDE966DA1, BC55E21E03B3FE7BBDBB13D56AADB8FBA74F58521AC73B105AD9788E7AE18F0B ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
20:47:29.0856 0x1424 AmUStor - ok
20:47:29.0919 0x1424 [ FAB590E0FC28CB474B965F8267458E14, C1A8DFD5746B27373CA402246D404A33A69A9364C1D1EBE944559F69B5DFC98F ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
20:47:29.0934 0x1424 ApfiltrService - ok
20:47:29.0997 0x1424 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
20:47:29.0997 0x1424 AppID - ok
20:47:30.0012 0x1424 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:47:30.0028 0x1424 AppIDSvc - ok
20:47:30.0075 0x1424 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
20:47:30.0075 0x1424 Appinfo - ok
20:47:30.0184 0x1424 [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:47:30.0184 0x1424 Apple Mobile Device - ok
20:47:30.0277 0x1424 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:47:30.0293 0x1424 arc - ok
20:47:30.0309 0x1424 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:47:30.0309 0x1424 arcsas - ok
20:47:30.0465 0x1424 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:47:30.0465 0x1424 aspnet_state - ok
20:47:30.0496 0x1424 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:47:30.0496 0x1424 AsyncMac - ok
20:47:30.0558 0x1424 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
20:47:30.0574 0x1424 atapi - ok
20:47:30.0714 0x1424 [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:47:30.0870 0x1424 athr - ok
20:47:30.0901 0x1424 [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
20:47:30.0917 0x1424 AtiHdmiService - ok
20:47:30.0995 0x1424 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:47:31.0026 0x1424 AudioEndpointBuilder - ok
20:47:31.0073 0x1424 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:47:31.0104 0x1424 AudioSrv - ok
20:47:31.0167 0x1424 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:47:31.0167 0x1424 AxInstSV - ok
20:47:31.0213 0x1424 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:47:31.0260 0x1424 b06bdrv - ok
20:47:31.0291 0x1424 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:47:31.0323 0x1424 b57nd60a - ok
20:47:31.0432 0x1424 [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
20:47:31.0510 0x1424 BCM43XX - ok
20:47:31.0557 0x1424 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
20:47:31.0557 0x1424 BDESVC - ok
20:47:31.0603 0x1424 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
20:47:31.0603 0x1424 Beep - ok
20:47:31.0681 0x1424 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
20:47:31.0713 0x1424 BFE - ok
20:47:31.0822 0x1424 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
20:47:31.0853 0x1424 BITS - ok
20:47:31.0884 0x1424 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:47:31.0884 0x1424 blbdrive - ok
20:47:31.0915 0x1424 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:47:31.0915 0x1424 bowser - ok
20:47:31.0947 0x1424 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:47:31.0947 0x1424 BrFiltLo - ok
20:47:31.0962 0x1424 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:47:31.0962 0x1424 BrFiltUp - ok
20:47:31.0993 0x1424 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:47:31.0993 0x1424 BridgeMP - ok
20:47:32.0056 0x1424 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
20:47:32.0071 0x1424 Browser - ok
20:47:32.0118 0x1424 [ 63A00CDBEB300522C49EC7CA77324060, 99CB6D37C7D898982A192AAA8DE5CE255E6FA482E19FE9032BAA7069E652F6F5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
20:47:32.0118 0x1424 BrSerIb - ok
20:47:32.0181 0x1424 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:47:32.0212 0x1424 Brserid - ok
20:47:32.0227 0x1424 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:47:32.0227 0x1424 BrSerWdm - ok
20:47:32.0243 0x1424 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:47:32.0259 0x1424 BrUsbMdm - ok
20:47:32.0274 0x1424 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:47:32.0274 0x1424 BrUsbSer - ok
20:47:32.0321 0x1424 [ BBCFD6C6EF66449F55AF1BFDB08C9B12, D6D5D408FCFFF9ED69D095948E786C08EEECD5F55905A3D8FE2BB08944C5E1F2 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
20:47:32.0321 0x1424 BrUsbSIb - ok
20:47:32.0337 0x1424 BTCFilterService - ok
20:47:32.0368 0x1424 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:47:32.0368 0x1424 BTHMODEM - ok
20:47:32.0399 0x1424 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
20:47:32.0415 0x1424 bthserv - ok
20:47:32.0415 0x1424 catchme - ok
20:47:32.0477 0x1424 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:47:32.0477 0x1424 cdfs - ok
20:47:32.0571 0x1424 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:47:32.0571 0x1424 cdrom - ok
20:47:32.0633 0x1424 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
20:47:32.0633 0x1424 CertPropSvc - ok
20:47:32.0664 0x1424 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:47:32.0664 0x1424 circlass - ok
20:47:32.0727 0x1424 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
20:47:32.0758 0x1424 CLFS - ok
20:47:32.0836 0x1424 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:32.0851 0x1424 clr_optimization_v2.0.50727_32 - ok
20:47:32.0898 0x1424 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:47:32.0914 0x1424 clr_optimization_v2.0.50727_64 - ok
20:47:32.0992 0x1424 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:47:32.0992 0x1424 clr_optimization_v4.0.30319_32 - ok
20:47:33.0039 0x1424 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:47:33.0039 0x1424 clr_optimization_v4.0.30319_64 - ok
20:47:33.0054 0x1424 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:47:33.0070 0x1424 CmBatt - ok
20:47:33.0101 0x1424 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:47:33.0117 0x1424 cmdide - ok
20:47:33.0195 0x1424 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
20:47:33.0226 0x1424 CNG - ok
20:47:33.0257 0x1424 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:47:33.0257 0x1424 Compbatt - ok
20:47:33.0319 0x1424 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:47:33.0335 0x1424 CompositeBus - ok
20:47:33.0335 0x1424 COMSysApp - ok
20:47:33.0351 0x1424 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:47:33.0351 0x1424 crcdisk - ok
20:47:33.0413 0x1424 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:47:33.0413 0x1424 CryptSvc - ok
20:47:33.0491 0x1424 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:47:33.0522 0x1424 DcomLaunch - ok
20:47:33.0569 0x1424 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
20:47:33.0585 0x1424 defragsvc - ok
20:47:33.0663 0x1424 [ 68E3DB0FCA63A04849331155A417EAD7, 00BC720BBE0D6C26B37D2B48892F1B51E84751B4794E641E7909114C4C345F11 ] DeviceMonitorService C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
20:47:33.0663 0x1424 DeviceMonitorService - ok
20:47:33.0725 0x1424 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:47:33.0725 0x1424 DfsC - ok
20:47:33.0787 0x1424 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:47:33.0803 0x1424 Dhcp - ok
20:47:33.0943 0x1424 [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack C:\Windows\system32\diagtrack.dll
20:47:33.0990 0x1424 DiagTrack - ok
20:47:34.0053 0x1424 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
20:47:34.0053 0x1424 discache - ok
20:47:34.0068 0x1424 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:47:34.0084 0x1424 Disk - ok
20:47:34.0115 0x1424 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:47:34.0131 0x1424 Dnscache - ok
20:47:34.0177 0x1424 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
20:47:34.0193 0x1424 dot3svc - ok
20:47:34.0240 0x1424 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
20:47:34.0255 0x1424 DPS - ok
20:47:34.0287 0x1424 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:47:34.0287 0x1424 drmkaud - ok
20:47:34.0349 0x1424 [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
20:47:34.0365 0x1424 DsiWMIService - ok
20:47:34.0489 0x1424 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:47:34.0567 0x1424 DXGKrnl - ok
20:47:34.0599 0x1424 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
20:47:34.0614 0x1424 EapHost - ok
20:47:34.0833 0x1424 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:47:35.0035 0x1424 ebdrv - ok
20:47:35.0145 0x1424 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS C:\Windows\System32\lsass.exe
20:47:35.0145 0x1424 EFS - ok
20:47:35.0238 0x1424 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:47:35.0285 0x1424 ehRecvr - ok
20:47:35.0301 0x1424 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
20:47:35.0316 0x1424 ehSched - ok
20:47:35.0379 0x1424 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:47:35.0425 0x1424 elxstor - ok
20:47:35.0566 0x1424 [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
20:47:35.0613 0x1424 ePowerSvc - ok
20:47:35.0644 0x1424 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:47:35.0644 0x1424 ErrDev - ok
20:47:35.0893 0x1424 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
20:47:35.0909 0x1424 EventSystem - ok
20:47:35.0987 0x1424 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
20:47:36.0003 0x1424 exfat - ok
20:47:36.0034 0x1424 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:47:36.0049 0x1424 fastfat - ok
20:47:36.0127 0x1424 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
20:47:36.0159 0x1424 Fax - ok
20:47:36.0205 0x1424 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:47:36.0205 0x1424 fdc - ok
20:47:36.0237 0x1424 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
20:47:36.0237 0x1424 fdPHost - ok
20:47:36.0252 0x1424 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
20:47:36.0252 0x1424 FDResPub - ok
20:47:36.0299 0x1424 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:47:36.0315 0x1424 FileInfo - ok
20:47:36.0346 0x1424 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:47:36.0346 0x1424 Filetrace - ok
20:47:36.0424 0x1424 [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:47:36.0486 0x1424 FLEXnet Licensing Service - ok
20:47:36.0517 0x1424 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:47:36.0517 0x1424 flpydisk - ok
20:47:36.0580 0x1424 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:47:36.0611 0x1424 FltMgr - ok
20:47:36.0720 0x1424 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll
20:47:36.0783 0x1424 FontCache - ok
20:47:36.0861 0x1424 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:47:36.0861 0x1424 FontCache3.0.0.0 - ok
20:47:36.0892 0x1424 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:47:36.0907 0x1424 FsDepends - ok
20:47:36.0939 0x1424 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:47:36.0939 0x1424 Fs_Rec - ok
20:47:37.0017 0x1424 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:47:37.0032 0x1424 fvevol - ok
20:47:37.0079 0x1424 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:47:37.0079 0x1424 gagp30kx - ok
20:47:37.0188 0x1424 [ D289BA51801E162273A8385E3CCE0D0A, 461F3E85EAF33E553B047D5974D8542138E18EFB7EF905EE7E9CDC1A07CA41C7 ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
20:47:37.0219 0x1424 GamesAppIntegrationService - ok
20:47:37.0251 0x1424 [ C23410A44ADDF0E1A9B4BA42A5DD5EA7, 384382D16D09A17E29D8348E1CF8DD7E377607DB3472AB8888EF8E83671B772C ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:47:37.0266 0x1424 GamesAppService - ok
20:47:37.0329 0x1424 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:47:37.0329 0x1424 GEARAspiWDM - ok
20:47:37.0422 0x1424 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
20:47:37.0453 0x1424 gpsvc - ok
20:47:37.0516 0x1424 [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
20:47:37.0516 0x1424 GREGService - ok
20:47:37.0578 0x1424 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:47:37.0578 0x1424 gupdate - ok
20:47:37.0594 0x1424 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:47:37.0594 0x1424 gupdatem - ok
20:47:37.0656 0x1424 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:47:37.0656 0x1424 hcw85cir - ok
20:47:37.0703 0x1424 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:47:37.0734 0x1424 HdAudAddService - ok
20:47:37.0781 0x1424 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:47:37.0781 0x1424 HDAudBus - ok
20:47:37.0843 0x1424 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:47:37.0843 0x1424 HECIx64 - ok
20:47:37.0875 0x1424 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:47:37.0875 0x1424 HidBatt - ok
20:47:37.0890 0x1424 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:47:37.0906 0x1424 HidBth - ok
20:47:37.0921 0x1424 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:47:37.0921 0x1424 HidIr - ok
20:47:37.0953 0x1424 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
20:47:37.0953 0x1424 hidserv - ok
20:47:38.0015 0x1424 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:47:38.0015 0x1424 HidUsb - ok
20:47:38.0062 0x1424 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:47:38.0062 0x1424 hkmsvc - ok
20:47:38.0109 0x1424 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:47:38.0124 0x1424 HomeGroupListener - ok
20:47:38.0187 0x1424 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:47:38.0187 0x1424 HomeGroupProvider - ok
20:47:38.0218 0x1424 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:47:38.0233 0x1424 HpSAMD - ok
20:47:38.0327 0x1424 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:47:38.0374 0x1424 HTTP - ok
20:47:38.0421 0x1424 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:47:38.0421 0x1424 hwpolicy - ok
20:47:38.0452 0x1424 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:47:38.0467 0x1424 i8042prt - ok
20:47:38.0530 0x1424 [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:47:38.0561 0x1424 iaStor - ok
20:47:38.0623 0x1424 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:47:38.0655 0x1424 iaStorV - ok
20:47:38.0748 0x1424 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:38.0811 0x1424 idsvc - ok
20:47:38.0811 0x1424 IEEtwCollectorService - ok
20:47:39.0216 0x1424 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:47:39.0622 0x1424 igfx - ok
20:47:39.0684 0x1424 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:47:39.0684 0x1424 iirsp - ok
20:47:39.0778 0x1424 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
20:47:39.0825 0x1424 IKEEXT - ok
20:47:40.0027 0x1424 [ E8017F1662D9142F45CEAB694D013C00, 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:47:40.0183 0x1424 IntcAzAudAddService - ok
20:47:40.0230 0x1424 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
20:47:40.0230 0x1424 intelide - ok
20:47:40.0277 0x1424 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:47:40.0293 0x1424 intelppm - ok
20:47:40.0308 0x1424 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:47:40.0324 0x1424 IPBusEnum - ok
20:47:40.0355 0x1424 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:40.0371 0x1424 IpFilterDriver - ok
20:47:40.0417 0x1424 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:47:40.0449 0x1424 iphlpsvc - ok
20:47:40.0495 0x1424 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:47:40.0495 0x1424 IPMIDRV - ok
20:47:40.0558 0x1424 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:47:40.0558 0x1424 IPNAT - ok
20:47:40.0651 0x1424 [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:47:40.0683 0x1424 iPod Service - ok
20:47:40.0698 0x1424 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:47:40.0714 0x1424 IRENUM - ok
20:47:40.0729 0x1424 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:47:40.0729 0x1424 isapnp - ok
20:47:40.0761 0x1424 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:47:40.0792 0x1424 iScsiPrt - ok
20:47:40.0854 0x1424 [ 12E27942DBB7C91880163634B0D8A776, DEE56DB8993A915E8FC32F9F50FAEED591799B0694655926C4F260EBFB99FC7E ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
20:47:40.0885 0x1424 k57nd60a - ok
20:47:40.0932 0x1424 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:40.0932 0x1424 kbdclass - ok
20:47:40.0963 0x1424 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:47:40.0963 0x1424 kbdhid - ok
20:47:40.0979 0x1424 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso C:\Windows\system32\lsass.exe
20:47:40.0979 0x1424 KeyIso - ok
20:47:41.0041 0x1424 [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:47:41.0041 0x1424 KSecDD - ok
20:47:41.0057 0x1424 [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:47:41.0073 0x1424 KSecPkg - ok
20:47:41.0104 0x1424 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:47:41.0119 0x1424 ksthunk - ok
20:47:41.0166 0x1424 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
20:47:41.0197 0x1424 KtmRm - ok
20:47:41.0244 0x1424 [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
20:47:41.0244 0x1424 L1E - ok
20:47:41.0307 0x1424 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:47:41.0322 0x1424 LanmanServer - ok
20:47:41.0385 0x1424 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:47:41.0400 0x1424 LanmanWorkstation - ok
20:47:41.0447 0x1424 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:47:41.0463 0x1424 lltdio - ok
20:47:41.0509 0x1424 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:47:41.0525 0x1424 lltdsvc - ok
20:47:41.0587 0x1424 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:47:41.0587 0x1424 lmhosts - ok
20:47:41.0681 0x1424 [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:47:41.0697 0x1424 LMS - ok
20:47:41.0743 0x1424 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:47:41.0743 0x1424 LSI_FC - ok
20:47:41.0775 0x1424 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:47:41.0775 0x1424 LSI_SAS - ok
20:47:41.0821 0x1424 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:47:41.0821 0x1424 LSI_SAS2 - ok
20:47:41.0853 0x1424 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:47:41.0853 0x1424 LSI_SCSI - ok
20:47:41.0899 0x1424 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
20:47:41.0899 0x1424 luafv - ok
20:47:41.0962 0x1424 [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:47:41.0962 0x1424 MBAMProtector - ok
20:47:42.0149 0x1424 [ 516E29AD03BDF610CC36A95AE692FE42, 09F913B169AD775FF587AE59AEC5DD2A2D8646803F48BF616C74EEC0DE3BE7A2 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
20:47:42.0243 0x1424 MBAMScheduler - ok
20:47:42.0336 0x1424 [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
20:47:42.0399 0x1424 MBAMService - ok
20:47:42.0461 0x1424 [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
20:47:42.0461 0x1424 MBAMSwissArmy - ok
20:47:42.0508 0x1424 [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
20:47:42.0523 0x1424 MBAMWebAccessControl - ok
20:47:42.0570 0x1424 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:47:42.0586 0x1424 Mcx2Svc - ok
20:47:42.0648 0x1424 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:47:42.0648 0x1424 megasas - ok
20:47:42.0695 0x1424 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:47:42.0711 0x1424 MegaSR - ok
20:47:42.0789 0x1424 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:47:42.0789 0x1424 Microsoft Office Groove Audit Service - ok
20:47:42.0820 0x1424 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
20:47:42.0835 0x1424 MMCSS - ok
20:47:42.0882 0x1424 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
20:47:42.0882 0x1424 Modem - ok
20:47:42.0898 0x1424 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:47:42.0898 0x1424 monitor - ok
20:47:42.0929 0x1424 motccgp - ok
20:47:42.0945 0x1424 motccgpfl - ok
20:47:42.0945 0x1424 motmodem - ok
20:47:43.0007 0x1424 [ 7ED3A9C3763725BD700946971215EE77, 6150D52945E10B69CFA5E3E637DCEBA67158092C6350B4AFE456EA846CA90C18 ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
20:47:43.0007 0x1424 Motorola Device Manager - ok
20:47:43.0023 0x1424 MotoSwitchService - ok
20:47:43.0038 0x1424 Motousbnet - ok
20:47:43.0069 0x1424 [ 1D19770F88FA22DACB7F488EA8F8EE6B, AD100C774058CF878B6006518F3DCDBDEE475F3C9808FC5D844947D9C305FAE5 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
20:47:43.0069 0x1424 motusbdevice - ok
20:47:43.0101 0x1424 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:47:43.0101 0x1424 mouclass - ok
20:47:43.0132 0x1424 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:47:43.0132 0x1424 mouhid - ok
20:47:43.0194 0x1424 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:47:43.0194 0x1424 mountmgr - ok
20:47:43.0257 0x1424 [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:47:43.0288 0x1424 MpFilter - ok
20:47:43.0319 0x1424 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
20:47:43.0335 0x1424 mpio - ok
20:47:43.0397 0x1424 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:47:43.0397 0x1424 mpsdrv - ok
20:47:43.0491 0x1424 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:47:43.0537 0x1424 MpsSvc - ok
20:47:43.0569 0x1424 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:47:43.0584 0x1424 MRxDAV - ok
20:47:43.0631 0x1424 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:43.0647 0x1424 mrxsmb - ok
20:47:43.0709 0x1424 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:43.0725 0x1424 mrxsmb10 - ok
20:47:43.0818 0x1424 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:43.0818 0x1424 mrxsmb20 - ok
20:47:43.0865 0x1424 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
20:47:43.0865 0x1424 msahci - ok
20:47:43.0896 0x1424 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:47:43.0896 0x1424 msdsm - ok
20:47:43.0959 0x1424 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
20:47:43.0974 0x1424 MSDTC - ok
20:47:44.0037 0x1424 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:47:44.0037 0x1424 Msfs - ok
20:47:44.0052 0x1424 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:47:44.0052 0x1424 mshidkmdf - ok
20:47:44.0099 0x1424 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:47:44.0099 0x1424 msisadrv - ok
20:47:44.0146 0x1424 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:47:44.0161 0x1424 MSiSCSI - ok
20:47:44.0161 0x1424 msiserver - ok
20:47:44.0224 0x1424 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:47:44.0224 0x1424 MSKSSRV - ok
20:47:44.0271 0x1424 [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:47:44.0271 0x1424 MsMpSvc - ok
20:47:44.0286 0x1424 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:44.0302 0x1424 MSPCLOCK - ok
20:47:44.0302 0x1424 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:47:44.0317 0x1424 MSPQM - ok
20:47:44.0380 0x1424 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:47:44.0395 0x1424 MsRPC - ok
20:47:44.0442 0x1424 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:47:44.0442 0x1424 mssmbios - ok
20:47:44.0473 0x1424 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:47:44.0473 0x1424 MSTEE - ok
20:47:44.0489 0x1424 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:47:44.0489 0x1424 MTConfig - ok
20:47:44.0505 0x1424 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
20:47:44.0505 0x1424 Mup - ok
20:47:44.0567 0x1424 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
20:47:44.0598 0x1424 napagent - ok
20:47:44.0645 0x1424 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:47:44.0676 0x1424 NativeWifiP - ok
20:47:44.0770 0x1424 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
20:47:44.0817 0x1424 NDIS - ok
20:47:44.0848 0x1424 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:47:44.0848 0x1424 NdisCap - ok
20:47:44.0879 0x1424 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:44.0879 0x1424 NdisTapi - ok
20:47:44.0941 0x1424 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:44.0941 0x1424 Ndisuio - ok
20:47:44.0988 0x1424 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:45.0004 0x1424 NdisWan - ok
20:47:45.0051 0x1424 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:47:45.0066 0x1424 NDProxy - ok
20:47:45.0175 0x1424 [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:47:45.0222 0x1424 Nero BackItUp Scheduler 4.0 - ok
20:47:45.0253 0x1424 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:47:45.0253 0x1424 NetBIOS - ok
20:47:45.0331 0x1424 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:47:45.0347 0x1424 NetBT - ok
20:47:45.0363 0x1424 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon C:\Windows\system32\lsass.exe
20:47:45.0363 0x1424 Netlogon - ok
20:47:45.0425 0x1424 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
20:47:45.0441 0x1424 Netman - ok
20:47:45.0487 0x1424 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:45.0503 0x1424 NetMsmqActivator - ok
20:47:45.0519 0x1424 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:45.0534 0x1424 NetPipeActivator - ok
20:47:45.0612 0x1424 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
20:47:45.0628 0x1424 netprofm - ok
20:47:45.0643 0x1424 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:45.0659 0x1424 NetTcpActivator - ok
20:47:45.0675 0x1424 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:45.0675 0x1424 NetTcpPortSharing - ok
20:47:45.0706 0x1424 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:47:45.0706 0x1424 nfrd960 - ok
20:47:45.0737 0x1424 [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:47:45.0753 0x1424 NisDrv - ok
20:47:45.0799 0x1424 [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:47:45.0815 0x1424 NisSrv - ok
20:47:45.0862 0x1424 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:47:45.0877 0x1424 NlaSvc - ok
20:47:45.0955 0x1424 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:47:45.0955 0x1424 Npfs - ok
20:47:45.0987 0x1424 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
20:47:45.0987 0x1424 nsi - ok
20:47:46.0002 0x1424 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:47:46.0002 0x1424 nsiproxy - ok
20:47:46.0127 0x1424 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:47:46.0205 0x1424 Ntfs - ok
20:47:46.0283 0x1424 [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
20:47:46.0299 0x1424 NTI IScheduleSvc - ok
20:47:46.0330 0x1424 [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
20:47:46.0345 0x1424 NTIDrvr - ok
20:47:46.0361 0x1424 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
20:47:46.0361 0x1424 Null - ok
20:47:46.0408 0x1424 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:47:46.0423 0x1424 nvraid - ok
20:47:46.0455 0x1424 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:47:46.0470 0x1424 nvstor - ok
20:47:46.0517 0x1424 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:47:46.0517 0x1424 nv_agp - ok
20:47:46.0595 0x1424 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:47:46.0626 0x1424 odserv - ok
20:47:46.0657 0x1424 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:47:46.0657 0x1424 ohci1394 - ok
20:47:46.0704 0x1424 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:46.0720 0x1424 ose - ok
20:47:46.0767 0x1424 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:47:46.0782 0x1424 p2pimsvc - ok
20:47:46.0829 0x1424 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
20:47:46.0845 0x1424 p2psvc - ok
20:47:46.0891 0x1424 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:47:46.0891 0x1424 Parport - ok
20:47:46.0923 0x1424 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:47:46.0923 0x1424 partmgr - ok
20:47:46.0985 0x1424 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:47:47.0001 0x1424 PcaSvc - ok
20:47:47.0032 0x1424 [ 3FDE033DFB0D07F8B7D5C9A3044AA121, 2C23B4FA34BA3060884B0168A830DD395A3853855CD6DF4065FBB303DFB4A87E ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:47:47.0032 0x1424 pccsmcfd - ok
20:47:47.0063 0x1424 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
20:47:47.0079 0x1424 pci - ok
20:47:47.0125 0x1424 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
20:47:47.0125 0x1424 pciide - ok
20:47:47.0172 0x1424 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:47:47.0188 0x1424 pcmcia - ok
20:47:47.0203 0x1424 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
20:47:47.0203 0x1424 pcw - ok
20:47:47.0281 0x1424 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:47:47.0328 0x1424 PEAUTH - ok
20:47:47.0437 0x1424 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:47:47.0437 0x1424 PerfHost - ok
20:47:47.0578 0x1424 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
20:47:47.0687 0x1424 pla - ok
20:47:47.0781 0x1424 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:47:47.0796 0x1424 PlugPlay - ok
20:47:47.0827 0x1424 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:47:47.0827 0x1424 PNRPAutoReg - ok
20:47:47.0859 0x1424 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:47:47.0874 0x1424 PNRPsvc - ok
20:47:47.0952 0x1424 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:47:47.0999 0x1424 PolicyAgent - ok
20:47:48.0046 0x1424 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
20:47:48.0046 0x1424 Power - ok
20:47:48.0093 0x1424 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:47:48.0093 0x1424 PptpMiniport - ok
20:47:48.0124 0x1424 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:47:48.0139 0x1424 Processor - ok
20:47:48.0186 0x1424 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
20:47:48.0202 0x1424 ProfSvc - ok
20:47:48.0202 0x1424 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:47:48.0217 0x1424 ProtectedStorage - ok
20:47:48.0264 0x1424 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:47:48.0280 0x1424 Psched - ok
20:47:48.0373 0x1424 [ EA735BF6DF13A857A83C99BF27A422AD, 026A57155FB9E01CFAFD8613980CDF0F3D744ABBBC66EFDC6C20B89980FB45CF ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
20:47:48.0373 0x1424 PST Service - ok
20:47:48.0405 0x1424 [ FBF4DB6D53585437E41A113300002A2B, A0145CE87A95DA3775B28A00E741660C26ADE34BBCC7FC502ED809931482C8F2 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
20:47:48.0405 0x1424 PxHlpa64 - ok
20:47:48.0529 0x1424 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:47:48.0607 0x1424 ql2300 - ok
20:47:48.0654 0x1424 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:47:48.0670 0x1424 ql40xx - ok
20:47:48.0717 0x1424 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
20:47:48.0732 0x1424 QWAVE - ok
20:47:48.0763 0x1424 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:47:48.0763 0x1424 QWAVEdrv - ok
20:47:48.0795 0x1424 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:47:48.0795 0x1424 RasAcd - ok
20:47:48.0841 0x1424 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:47:48.0857 0x1424 RasAgileVpn - ok
20:47:48.0888 0x1424 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
20:47:48.0904 0x1424 RasAuto - ok
20:47:48.0951 0x1424 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:47:48.0951 0x1424 Rasl2tp - ok
20:47:49.0029 0x1424 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
20:47:49.0060 0x1424 RasMan - ok
20:47:49.0138 0x1424 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:47:49.0138 0x1424 RasPppoe - ok
20:47:49.0169 0x1424 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:47:49.0185 0x1424 RasSstp - ok
20:47:49.0247 0x1424 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:47:49.0263 0x1424 rdbss - ok
20:47:49.0309 0x1424 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:47:49.0309 0x1424 rdpbus - ok
20:47:49.0325 0x1424 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:47:49.0325 0x1424 RDPCDD - ok
20:47:49.0372 0x1424 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:47:49.0372 0x1424 RDPENCDD - ok
20:47:49.0387 0x1424 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:47:49.0387 0x1424 RDPREFMP - ok
20:47:49.0497 0x1424 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:47:49.0497 0x1424 RDPWD - ok
20:47:49.0606 0x1424 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:47:49.0621 0x1424 rdyboost - ok
20:47:49.0699 0x1424 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:47:49.0715 0x1424 RemoteAccess - ok
20:47:49.0746 0x1424 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:47:49.0762 0x1424 RemoteRegistry - ok
20:47:49.0793 0x1424 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:47:49.0793 0x1424 RpcEptMapper - ok
20:47:49.0824 0x1424 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
20:47:49.0824 0x1424 RpcLocator - ok
20:47:49.0887 0x1424 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
20:47:49.0918 0x1424 RpcSs - ok
20:47:49.0965 0x1424 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:47:49.0965 0x1424 rspndr - ok
20:47:49.0980 0x1424 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs C:\Windows\system32\lsass.exe
20:47:49.0996 0x1424 SamSs - ok
20:47:50.0043 0x1424 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:47:50.0043 0x1424 SASDIFSV - ok
20:47:50.0074 0x1424 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:47:50.0074 0x1424 SASKUTIL - ok
20:47:50.0105 0x1424 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:47:50.0105 0x1424 sbp2port - ok
20:47:50.0245 0x1424 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:47:50.0261 0x1424 SCardSvr - ok
20:47:50.0308 0x1424 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:47:50.0308 0x1424 scfilter - ok
20:47:50.0401 0x1424 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
20:47:50.0479 0x1424 Schedule - ok
20:47:50.0511 0x1424 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:47:50.0526 0x1424 SCPolicySvc - ok
20:47:50.0557 0x1424 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:47:50.0573 0x1424 SDRSVC - ok
20:47:50.0667 0x1424 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:47:50.0682 0x1424 secdrv - ok
20:47:50.0713 0x1424 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
20:47:50.0729 0x1424 seclogon - ok
20:47:50.0760 0x1424 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
20:47:50.0760 0x1424 SENS - ok
20:47:50.0838 0x1424 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:47:50.0838 0x1424 SensrSvc - ok
20:47:50.0885 0x1424 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:47:50.0901 0x1424 Serenum - ok
20:47:50.0916 0x1424 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:47:50.0932 0x1424 Serial - ok
20:47:50.0994 0x1424 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:47:50.0994 0x1424 sermouse - ok
20:47:51.0057 0x1424 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
20:47:51.0072 0x1424 SessionEnv - ok
20:47:51.0150 0x1424 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:47:51.0150 0x1424 sffdisk - ok
20:47:51.0197 0x1424 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:47:51.0197 0x1424 sffp_mmc - ok
20:47:51.0213 0x1424 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:47:51.0213 0x1424 sffp_sd - ok
20:47:51.0228 0x1424 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:47:51.0228 0x1424 sfloppy - ok
20:47:51.0337 0x1424 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:47:51.0369 0x1424 SharedAccess - ok
20:47:51.0431 0x1424 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:47:51.0462 0x1424 ShellHWDetection - ok
20:47:51.0478 0x1424 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:47:51.0478 0x1424 SiSRaid2 - ok
20:47:51.0509 0x1424 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:47:51.0525 0x1424 SiSRaid4 - ok
20:47:51.0681 0x1424 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:47:51.0696 0x1424 SkypeUpdate - ok
20:47:51.0743 0x1424 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:47:51.0743 0x1424 Smb - ok
20:47:51.0805 0x1424 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:47:51.0805 0x1424 SNMPTRAP - ok
20:47:51.0852 0x1424 [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan C:\Windows\syswow64\speedfan.sys
20:47:51.0883 0x1424 speedfan - ok
20:47:51.0899 0x1424 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
20:47:51.0915 0x1424 spldr - ok
20:47:51.0977 0x1424 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
20:47:52.0008 0x1424 Spooler - ok
20:47:52.0258 0x1424 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
20:47:52.0429 0x1424 sppsvc - ok
20:47:52.0492 0x1424 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:47:52.0492 0x1424 sppuinotify - ok
20:47:52.0570 0x1424 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:47:52.0648 0x1424 srv - ok
20:47:52.0695 0x1424 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:47:52.0741 0x1424 srv2 - ok
20:47:52.0788 0x1424 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:47:52.0804 0x1424 srvnet - ok
20:47:52.0851 0x1424 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:47:52.0866 0x1424 SSDPSRV - ok
20:47:52.0882 0x1424 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:47:52.0897 0x1424 SstpSvc - ok
20:47:52.0929 0x1424 [ 30D7CE5C0B812BAF4F2FB5F47820C76A, 5C9D67637485F67A720D8582D54D880D8364108C593A020682D4695397284989 ] stdriver C:\Windows\system32\DRIVERS\stdriverx64.sys
20:47:52.0975 0x1424 stdriver - ok
20:47:53.0007 0x1424 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:47:53.0007 0x1424 stexstor - ok
20:47:53.0100 0x1424 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
20:47:53.0131 0x1424 stisvc - ok
20:47:53.0178 0x1424 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
20:47:53.0194 0x1424 swenum - ok
20:47:53.0272 0x1424 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
20:47:53.0303 0x1424 swprv - ok
20:47:53.0693 0x1424 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
20:47:53.0833 0x1424 SysMain - ok
20:47:53.0896 0x1424 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:47:53.0911 0x1424 TabletInputService - ok
20:47:53.0974 0x1424 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
20:47:54.0005 0x1424 TapiSrv - ok
20:47:54.0083 0x1424 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
20:47:54.0083 0x1424 TBS - ok
20:47:54.0301 0x1424 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:47:54.0457 0x1424 Tcpip - ok
20:47:54.0676 0x1424 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:47:54.0769 0x1424 TCPIP6 - ok
20:47:54.0847 0x1424 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:47:54.0863 0x1424 tcpipreg - ok
20:47:54.0910 0x1424 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:47:54.0910 0x1424 TDPIPE - ok
20:47:54.0941 0x1424 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:47:54.0957 0x1424 TDTCP - ok
20:47:55.0003 0x1424 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:47:55.0003 0x1424 tdx - ok
20:47:55.0050 0x1424 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
20:47:55.0050 0x1424 TermDD - ok
20:47:55.0128 0x1424 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
20:47:55.0175 0x1424 TermService - ok
20:47:55.0237 0x1424 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
20:47:55.0253 0x1424 Themes - ok
20:47:55.0331 0x1424 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
20:47:55.0347 0x1424 THREADORDER - ok
20:47:55.0425 0x1424 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
20:47:55.0440 0x1424 TrkWks - ok
20:47:55.0596 0x1424 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:47:55.0596 0x1424 TrustedInstaller - ok
20:47:55.0690 0x1424 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:47:55.0705 0x1424 tssecsrv - ok
20:47:55.0752 0x1424 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:47:55.0752 0x1424 TsUsbFlt - ok
20:47:55.0815 0x1424 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:47:55.0815 0x1424 tunnel - ok
20:47:55.0846 0x1424 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:47:55.0846 0x1424 uagp35 - ok
20:47:55.0924 0x1424 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
20:47:55.0924 0x1424 UBHelper - ok
20:47:56.0002 0x1424 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:47:56.0033 0x1424 udfs - ok
20:47:56.0111 0x1424 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:47:56.0127 0x1424 UI0Detect - ok
20:47:56.0142 0x1424 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:47:56.0158 0x1424 uliagpkx - ok
20:47:56.0189 0x1424 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:47:56.0205 0x1424 umbus - ok
20:47:56.0220 0x1424 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:47:56.0220 0x1424 UmPass - ok
20:47:56.0688 0x1424 [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:47:56.0798 0x1424 UNS - ok
20:47:56.0985 0x1424 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
20:47:56.0985 0x1424 Updater Service - ok
20:47:57.0172 0x1424 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
20:47:57.0188 0x1424 upnphost - ok
20:47:57.0250 0x1424 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:47:57.0250 0x1424 usbccgp - ok
20:47:57.0281 0x1424 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:47:57.0297 0x1424 usbcir - ok
20:47:57.0375 0x1424 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:47:57.0390 0x1424 usbehci - ok
20:47:57.0453 0x1424 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:47:57.0484 0x1424 usbhub - ok
20:47:57.0500 0x1424 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:47:57.0500 0x1424 usbohci - ok
20:47:57.0531 0x1424 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:47:57.0531 0x1424 usbprint - ok
20:47:57.0593 0x1424 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:47:57.0593 0x1424 usbscan - ok
20:47:57.0609 0x1424 [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser C:\Windows\system32\drivers\usbser.sys
20:47:57.0609 0x1424 usbser - ok
20:47:57.0687 0x1424 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:47:57.0687 0x1424 USBSTOR - ok
20:47:57.0749 0x1424 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:47:57.0749 0x1424 usbuhci - ok
20:47:57.0827 0x1424 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:47:57.0827 0x1424 usbvideo - ok
20:47:57.0905 0x1424 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
20:47:57.0905 0x1424 UxSms - ok
20:47:57.0936 0x1424 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc C:\Windows\system32\lsass.exe
20:47:57.0952 0x1424 VaultSvc - ok
20:47:57.0983 0x1424 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:47:57.0983 0x1424 vdrvroot - ok
20:47:58.0124 0x1424 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
20:47:58.0155 0x1424 vds - ok
20:47:58.0202 0x1424 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:47:58.0202 0x1424 vga - ok
20:47:58.0217 0x1424 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:47:58.0217 0x1424 VgaSave - ok
20:47:58.0264 0x1424 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:47:58.0280 0x1424 vhdmp - ok
20:47:58.0342 0x1424 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
20:47:58.0342 0x1424 viaide - ok
20:47:58.0358 0x1424 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:47:58.0373 0x1424 volmgr - ok
20:47:58.0482 0x1424 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:47:58.0545 0x1424 volmgrx - ok
20:47:58.0623 0x1424 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:47:58.0638 0x1424 volsnap - ok
20:47:58.0763 0x1424 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:47:58.0779 0x1424 vsmraid - ok
20:47:59.0715 0x1424 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
20:47:59.0793 0x1424 VSS - ok
20:47:59.0840 0x1424 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:47:59.0840 0x1424 vwifibus - ok
20:47:59.0855 0x1424 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:47:59.0855 0x1424 vwififlt - ok
20:47:59.0902 0x1424 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:47:59.0902 0x1424 vwifimp - ok
20:47:59.0949 0x1424 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
20:47:59.0980 0x1424 W32Time - ok
20:48:00.0058 0x1424 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:48:00.0058 0x1424 WacomPen - ok
20:48:00.0136 0x1424 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:48:00.0136 0x1424 WANARP - ok
20:48:00.0152 0x1424 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:48:00.0152 0x1424 Wanarpv6 - ok
20:48:00.0292 0x1424 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:48:00.0354 0x1424 WatAdminSvc - ok
20:48:00.0666 0x1424 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
20:48:00.0791 0x1424 wbengine - ok
20:48:00.0854 0x1424 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:48:00.0869 0x1424 WbioSrvc - ok
20:48:00.0916 0x1424 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:48:00.0978 0x1424 wcncsvc - ok
20:48:01.0025 0x1424 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:48:01.0041 0x1424 WcsPlugInService - ok
20:48:01.0072 0x1424 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:48:01.0072 0x1424 Wd - ok
20:48:01.0400 0x1424 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:48:01.0446 0x1424 Wdf01000 - ok
20:48:01.0478 0x1424 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:48:01.0493 0x1424 WdiServiceHost - ok
20:48:01.0509 0x1424 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:48:01.0509 0x1424 WdiSystemHost - ok
20:48:01.0587 0x1424 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
20:48:01.0618 0x1424 WebClient - ok
20:48:01.0680 0x1424 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:48:01.0712 0x1424 Wecsvc - ok
20:48:01.0743 0x1424 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:48:01.0758 0x1424 wercplsupport - ok
20:48:01.0774 0x1424 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
20:48:01.0790 0x1424 WerSvc - ok
20:48:01.0883 0x1424 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:48:01.0899 0x1424 WfpLwf - ok
20:48:01.0930 0x1424 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:48:01.0930 0x1424 WIMMount - ok
20:48:01.0961 0x1424 WinDefend - ok
20:48:02.0102 0x1424 [ 4DE7D61CF51F4C8261D119CFBDB70243, A88BF58108AAF149FF30B93E3C58785AB1F414FD883FE87211F95AD4A91861DE ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys
20:48:02.0117 0x1424 WinDriver6 - ok
20:48:02.0133 0x1424 WinHttpAutoProxySvc - ok
20:48:02.0226 0x1424 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:48:02.0242 0x1424 Winmgmt - ok
20:48:02.0570 0x1424 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
20:48:02.0710 0x1424 WinRM - ok
20:48:02.0772 0x1424 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
20:48:02.0772 0x1424 WinUsb - ok
20:48:02.0882 0x1424 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:48:02.0960 0x1424 Wlansvc - ok
20:48:03.0084 0x1424 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:48:03.0084 0x1424 WmiAcpi - ok
20:48:03.0272 0x1424 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:48:03.0287 0x1424 wmiApSrv - ok
20:48:03.0334 0x1424 WMPNetworkSvc - ok
20:48:03.0412 0x1424 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:48:03.0428 0x1424 WPCSvc - ok
20:48:03.0474 0x1424 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:48:03.0490 0x1424 WPDBusEnum - ok
20:48:03.0568 0x1424 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:48:03.0568 0x1424 ws2ifsl - ok
20:48:03.0615 0x1424 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
20:48:03.0615 0x1424 wscsvc - ok
20:48:03.0693 0x1424 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
20:48:03.0708 0x1424 WSDPrintDevice - ok
20:48:03.0708 0x1424 WSearch - ok
20:48:04.0098 0x1424 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll
20:48:04.0223 0x1424 wuauserv - ok
20:48:04.0270 0x1424 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:48:04.0286 0x1424 WudfPf - ok
20:48:04.0348 0x1424 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
20:48:04.0348 0x1424 WUDFRd - ok
20:48:04.0395 0x1424 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:48:04.0410 0x1424 wudfsvc - ok
20:48:04.0535 0x1424 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
20:48:04.0582 0x1424 WwanSvc - ok
20:48:04.0598 0x1424 ================ Scan global ===============================
20:48:04.0676 0x1424 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:48:04.0816 0x1424 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
20:48:04.0847 0x1424 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
20:48:04.0925 0x1424 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:48:05.0128 0x1424 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
20:48:05.0144 0x1424 [ Global ] - ok
20:48:05.0144 0x1424 ================ Scan MBR ==================================
20:48:05.0159 0x1424 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:48:05.0830 0x1424 \Device\Harddisk0\DR0 - ok
20:48:05.0830 0x1424 ================ Scan VBR ==================================
20:48:05.0924 0x1424 [ 9EEC3C9F2409F19238869A125208D582 ] \Device\Harddisk0\DR0\Partition1
20:48:05.0924 0x1424 \Device\Harddisk0\DR0\Partition1 - ok
20:48:05.0955 0x1424 [ 616B1288B1413FA795B27A3FC57A53AB ] \Device\Harddisk0\DR0\Partition2
20:48:06.0002 0x1424 \Device\Harddisk0\DR0\Partition2 - ok
20:48:06.0002 0x1424 ================ Scan generic autorun ======================
20:48:06.0111 0x1424 [ 220BC54C446F88CFAAD689CCBDE591E3, C86E1B9E407E7C29B9977EBDE6CFA2BCB1E22BB88A51B5FD723A013E807B593C ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
20:48:06.0126 0x1424 AmIcoSinglun64 - ok
20:48:07.0172 0x1424 [ 798DF4955D7DE4552706B3ECB65B3C80, C0DD4999D8E5505EBC5ADB2B458339BA1444FE897C8568E872C9F8CCF7C5360B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:48:07.0827 0x1424 RtHDVCpl - ok
20:48:07.0998 0x1424 [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
20:48:08.0045 0x1424 Acer ePower Management - ok
20:48:08.0232 0x1424 [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
20:48:08.0295 0x1424 MSC - ok
20:48:08.0544 0x1424 [ 77AC8322178FB8F3117CDD3B6DC6E126, 2786198EE920D7788FA0DE376231D4E42AB68F6D5A1E87FAC1F3D7424D1ED493 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
20:48:08.0544 0x1424 StartCCC - ok
20:48:08.0669 0x1424 [ 38218E47372B77DDB3C9DDD4390CB960, C665FCFE08A4C1F9C3FBA73A220AAB7344C2BF203B62FAB76EF1F659A78F007C ] C:\Program Files (x86)\Launch Manager\LManager.exe
20:48:08.0716 0x1424 LManager - ok
20:48:08.0825 0x1424 [ 846965AE55A2662B1576C0F392DD1D6E, 0ADE383991FDC5A49DD15A27CB52CF75ABF518F0335E92003C0FF75DB417BBDC ] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
20:48:08.0841 0x1424 SSBkgdUpdate - ok
20:48:08.0903 0x1424 [ 27249F2A900032F3C2DFAB8DE8F16399, 88F85055FC6A6C3872A9A3697F92E26EEB51655F5D53F49EE22768829839808A ] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
20:48:08.0903 0x1424 PaperPort PTD - ok
20:48:09.0028 0x1424 [ A4A66195EB0ECD574A32AAA92DC0A7BD, 4E30D565917158316A541BB29D73BF5F3A01DAB1240363276DE0C5D59B2BFFFE ] C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe
20:48:09.0044 0x1424 PPort11reminder - ok
20:48:09.0168 0x1424 [ 16D4D2AB28EDD90AEE06826B3ADF50AB, EE8E54702B22E7F1DB8DE7296132C3473DD9D18B9E9C47414F315173E0A26E16 ] C:\Program Files (x86)\PDF24\pdf24.exe
20:48:09.0168 0x1424 PDFPrint - ok
20:48:09.0278 0x1424 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
20:48:09.0293 0x1424 QuickTime Task - ok
20:48:09.0574 0x1424 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:48:09.0621 0x1424 Adobe ARM - ok
20:48:10.0479 0x1424 [ 51747688BBB04853C3D03480244B4CBA, 7FDFE33E74D2E3408404F8466A872F582287C12DED294CE94EDB915E43CBF10A ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
20:48:10.0916 0x1424 SUPERAntiSpyware - ok
20:48:11.0602 0x1424 [ 907E9C6F658C590BB58BFB45CFE10857, 0F4976ECE46DDCAC1235A65C9B50B05B166CC74E43B057DA6FF54C13DD27EB22 ] C:\Users\dermauel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
20:48:11.0696 0x1424 Spotify Web Helper - ok
20:48:11.0711 0x1424 Waiting for KSN requests completion. In queue: 85
20:48:12.0725 0x1424 Waiting for KSN requests completion. In queue: 85
20:48:13.0739 0x1424 Waiting for KSN requests completion. In queue: 85
20:48:15.0174 0x1424 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
20:48:15.0393 0x1424 Win FW state via NFP2: enabled
20:48:17.0826 0x1424 ============================================================
20:48:17.0826 0x1424 Scan finished
20:48:17.0826 0x1424 ============================================================
20:48:17.0842 0x17b0 Detected object count: 0
20:48:17.0842 0x17b0 Actual detected object count: 0
21:05:34.0918 0x1198 ============================================================
21:05:34.0918 0x1198 Scan started
21:05:34.0918 0x1198 Mode: Manual;
21:05:34.0918 0x1198 ============================================================
21:05:34.0918 0x1198 KSN ping started
21:05:48.0615 0x1198 KSN ping finished: true
Danke für die Unterstützung und beste Grüße Ernst |
|
25.05.2015, 10:16
| #6 |
| | Laptop infiziert - Öffnet selbstständig Programme Hier der zweite Teil vom TDSSKLIIER: Code:
ATTFilter 21:05:49.0052 0x1198 ================ Scan system memory ======================== 21:05:49.0052 0x1198 System memory - ok 21:05:49.0052 0x1198 ================ Scan services ============================= 21:05:49.0130 0x1198 [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 21:05:49.0145 0x1198 !SASCORE - ok 21:05:49.0317 0x1198 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:05:49.0333 0x1198 1394ohci - ok 21:05:49.0379 0x1198 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:05:49.0395 0x1198 ACPI - ok 21:05:49.0411 0x1198 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:05:49.0411 0x1198 AcpiPmi - ok 21:05:49.0535 0x1198 [ 34400005DE52842C4D6D4EE978B4D7CE, E7C3121812284B9FE6A12910C67C98354BAF5DB74865A5B4E0C2E64852BDB50A ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe 21:05:49.0551 0x1198 AdobeActiveFileMonitor8.0 - ok 21:05:49.0676 0x1198 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:05:49.0691 0x1198 AdobeARMservice - ok 21:05:49.0832 0x1198 [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:05:49.0832 0x1198 AdobeFlashPlayerUpdateSvc - ok 21:05:49.0894 0x1198 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 21:05:49.0925 0x1198 adp94xx - ok 21:05:49.0972 0x1198 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:05:49.0988 0x1198 adpahci - ok 21:05:50.0035 0x1198 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:05:50.0035 0x1198 adpu320 - ok 21:05:50.0066 0x1198 [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:05:50.0081 0x1198 AeLookupSvc - ok 21:05:50.0144 0x1198 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 21:05:50.0175 0x1198 AFD - ok 21:05:50.0206 0x1198 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 21:05:50.0222 0x1198 agp440 - ok 21:05:50.0253 0x1198 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 21:05:50.0253 0x1198 ALG - ok 21:05:50.0300 0x1198 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 21:05:50.0300 0x1198 aliide - ok 21:05:50.0347 0x1198 [ 3D90CF67DB75823A8480E56BBCD2E028, 775D58B99ACA606D434713BC00132D43061C37CFEEAECD194FCFDF45792944A3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 21:05:50.0362 0x1198 AMD External Events Utility - ok 21:05:50.0393 0x1198 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 21:05:50.0409 0x1198 amdide - ok 21:05:50.0425 0x1198 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:05:50.0425 0x1198 AmdK8 - ok 21:05:50.0830 0x1198 [ 52679612D742BF74CA1BA6AB86DDF431, 9D7A8FA8952519AD83CD36038F85B958BC97D1A25596EDC01CA1F6DD45DB542A ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys 21:05:51.0080 0x1198 amdkmdag - ok 21:05:51.0158 0x1198 [ 414E0788920A8C856032BE2CBF29F984, 2DD027ADA24C871167C80A2F5C5ED5CB3AEA1E3A4E8C5FD352FA82C33B24479B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 21:05:51.0173 0x1198 amdkmdap - ok 21:05:51.0189 0x1198 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:05:51.0189 0x1198 AmdPPM - ok 21:05:51.0220 0x1198 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:05:51.0236 0x1198 amdsata - ok 21:05:51.0267 0x1198 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:05:51.0267 0x1198 amdsbs - ok 21:05:51.0298 0x1198 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:05:51.0298 0x1198 amdxata - ok 21:05:51.0329 0x1198 [ 391887990CDAA83DE5C56C3FDE966DA1, BC55E21E03B3FE7BBDBB13D56AADB8FBA74F58521AC73B105AD9788E7AE18F0B ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 21:05:51.0329 0x1198 AmUStor - ok 21:05:51.0392 0x1198 [ FAB590E0FC28CB474B965F8267458E14, C1A8DFD5746B27373CA402246D404A33A69A9364C1D1EBE944559F69B5DFC98F ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 21:05:51.0392 0x1198 ApfiltrService - ok 21:05:51.0439 0x1198 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 21:05:51.0439 0x1198 AppID - ok 21:05:51.0470 0x1198 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:05:51.0470 0x1198 AppIDSvc - ok 21:05:51.0517 0x1198 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 21:05:51.0517 0x1198 Appinfo - ok 21:05:51.0595 0x1198 [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:05:51.0610 0x1198 Apple Mobile Device - ok 21:05:51.0641 0x1198 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 21:05:51.0641 0x1198 arc - ok 21:05:51.0673 0x1198 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 21:05:51.0673 0x1198 arcsas - ok 21:05:51.0782 0x1198 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 21:05:51.0782 0x1198 aspnet_state - ok 21:05:51.0797 0x1198 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:05:51.0813 0x1198 AsyncMac - ok 21:05:51.0829 0x1198 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 21:05:51.0829 0x1198 atapi - ok 21:05:51.0985 0x1198 [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr C:\Windows\system32\DRIVERS\athrx.sys 21:05:52.0094 0x1198 athr - ok 21:05:52.0141 0x1198 [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 21:05:52.0156 0x1198 AtiHdmiService - ok 21:05:52.0234 0x1198 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:05:52.0265 0x1198 AudioEndpointBuilder - ok 21:05:52.0312 0x1198 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:05:52.0343 0x1198 AudioSrv - ok 21:05:52.0390 0x1198 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:05:52.0406 0x1198 AxInstSV - ok 21:05:52.0453 0x1198 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 21:05:52.0484 0x1198 b06bdrv - ok 21:05:52.0515 0x1198 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:05:52.0531 0x1198 b57nd60a - ok 21:05:52.0624 0x1198 [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 21:05:52.0687 0x1198 BCM43XX - ok 21:05:52.0733 0x1198 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 21:05:52.0749 0x1198 BDESVC - ok 21:05:52.0765 0x1198 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 21:05:52.0765 0x1198 Beep - ok 21:05:52.0827 0x1198 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 21:05:52.0858 0x1198 BFE - ok 21:05:52.0936 0x1198 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll 21:05:52.0983 0x1198 BITS - ok 21:05:52.0999 0x1198 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:05:53.0014 0x1198 blbdrive - ok 21:05:53.0045 0x1198 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:05:53.0045 0x1198 bowser - ok 21:05:53.0061 0x1198 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:05:53.0077 0x1198 BrFiltLo - ok 21:05:53.0092 0x1198 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:05:53.0092 0x1198 BrFiltUp - ok 21:05:53.0123 0x1198 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 21:05:53.0123 0x1198 BridgeMP - ok 21:05:53.0155 0x1198 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 21:05:53.0170 0x1198 Browser - ok 21:05:53.0201 0x1198 [ 63A00CDBEB300522C49EC7CA77324060, 99CB6D37C7D898982A192AAA8DE5CE255E6FA482E19FE9032BAA7069E652F6F5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys 21:05:53.0201 0x1198 BrSerIb - ok 21:05:53.0264 0x1198 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:05:53.0279 0x1198 Brserid - ok 21:05:53.0295 0x1198 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:05:53.0295 0x1198 BrSerWdm - ok 21:05:53.0311 0x1198 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:05:53.0311 0x1198 BrUsbMdm - ok 21:05:53.0326 0x1198 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:05:53.0326 0x1198 BrUsbSer - ok 21:05:53.0342 0x1198 [ BBCFD6C6EF66449F55AF1BFDB08C9B12, D6D5D408FCFFF9ED69D095948E786C08EEECD5F55905A3D8FE2BB08944C5E1F2 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys 21:05:53.0342 0x1198 BrUsbSIb - ok 21:05:53.0357 0x1198 BTCFilterService - ok 21:05:53.0373 0x1198 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:05:53.0389 0x1198 BTHMODEM - ok 21:05:53.0420 0x1198 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 21:05:53.0420 0x1198 bthserv - ok 21:05:53.0451 0x1198 catchme - ok 21:05:53.0482 0x1198 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:05:53.0498 0x1198 cdfs - ok 21:05:53.0545 0x1198 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:05:53.0545 0x1198 cdrom - ok 21:05:53.0591 0x1198 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 21:05:53.0591 0x1198 CertPropSvc - ok 21:05:53.0623 0x1198 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:05:53.0623 0x1198 circlass - ok 21:05:53.0669 0x1198 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 21:05:53.0701 0x1198 CLFS - ok 21:05:53.0763 0x1198 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:05:53.0779 0x1198 clr_optimization_v2.0.50727_32 - ok 21:05:53.0825 0x1198 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:05:53.0825 0x1198 clr_optimization_v2.0.50727_64 - ok 21:05:53.0919 0x1198 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:05:53.0919 0x1198 clr_optimization_v4.0.30319_32 - ok 21:05:53.0966 0x1198 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:05:53.0966 0x1198 clr_optimization_v4.0.30319_64 - ok 21:05:54.0013 0x1198 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:05:54.0013 0x1198 CmBatt - ok 21:05:54.0044 0x1198 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:05:54.0044 0x1198 cmdide - ok 21:05:54.0106 0x1198 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 21:05:54.0137 0x1198 CNG - ok 21:05:54.0169 0x1198 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:05:54.0169 0x1198 Compbatt - ok 21:05:54.0200 0x1198 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:05:54.0215 0x1198 CompositeBus - ok 21:05:54.0215 0x1198 COMSysApp - ok 21:05:54.0231 0x1198 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:05:54.0231 0x1198 crcdisk - ok 21:05:54.0293 0x1198 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:05:54.0293 0x1198 CryptSvc - ok 21:05:54.0371 0x1198 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:05:54.0403 0x1198 DcomLaunch - ok 21:05:54.0449 0x1198 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 21:05:54.0465 0x1198 defragsvc - ok 21:05:54.0512 0x1198 [ 68E3DB0FCA63A04849331155A417EAD7, 00BC720BBE0D6C26B37D2B48892F1B51E84751B4794E641E7909114C4C345F11 ] DeviceMonitorService C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe 21:05:54.0512 0x1198 DeviceMonitorService - ok 21:05:54.0559 0x1198 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:05:54.0559 0x1198 DfsC - ok 21:05:54.0605 0x1198 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 21:05:54.0621 0x1198 Dhcp - ok 21:05:54.0715 0x1198 [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack C:\Windows\system32\diagtrack.dll 21:05:54.0777 0x1198 DiagTrack - ok 21:05:54.0808 0x1198 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 21:05:54.0808 0x1198 discache - ok 21:05:54.0839 0x1198 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:05:54.0839 0x1198 Disk - ok 21:05:54.0871 0x1198 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:05:54.0886 0x1198 Dnscache - ok 21:05:54.0917 0x1198 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 21:05:54.0933 0x1198 dot3svc - ok 21:05:54.0980 0x1198 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 21:05:54.0995 0x1198 DPS - ok 21:05:55.0027 0x1198 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:05:55.0027 0x1198 drmkaud - ok 21:05:55.0089 0x1198 [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 21:05:55.0105 0x1198 DsiWMIService - ok 21:05:55.0198 0x1198 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:05:55.0245 0x1198 DXGKrnl - ok 21:05:55.0276 0x1198 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 21:05:55.0276 0x1198 EapHost - ok 21:05:55.0510 0x1198 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 21:05:55.0651 0x1198 ebdrv - ok 21:05:55.0697 0x1198 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS C:\Windows\System32\lsass.exe 21:05:55.0713 0x1198 EFS - ok 21:05:55.0791 0x1198 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:05:55.0822 0x1198 ehRecvr - ok 21:05:55.0869 0x1198 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 21:05:55.0869 0x1198 ehSched - ok 21:05:55.0947 0x1198 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:05:55.0963 0x1198 elxstor - ok 21:05:56.0119 0x1198 [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe 21:05:56.0150 0x1198 ePowerSvc - ok 21:05:56.0181 0x1198 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:05:56.0181 0x1198 ErrDev - ok 21:05:56.0228 0x1198 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 21:05:56.0259 0x1198 EventSystem - ok 21:05:56.0290 0x1198 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 21:05:56.0306 0x1198 exfat - ok 21:05:56.0321 0x1198 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:05:56.0337 0x1198 fastfat - ok 21:05:56.0415 0x1198 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 21:05:56.0446 0x1198 Fax - ok 21:05:56.0477 0x1198 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:05:56.0477 0x1198 fdc - ok 21:05:56.0509 0x1198 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 21:05:56.0509 0x1198 fdPHost - ok 21:05:56.0509 0x1198 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 21:05:56.0524 0x1198 FDResPub - ok 21:05:56.0524 0x1198 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:05:56.0540 0x1198 FileInfo - ok 21:05:56.0555 0x1198 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:05:56.0555 0x1198 Filetrace - ok 21:05:56.0633 0x1198 [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 21:05:56.0665 0x1198 FLEXnet Licensing Service - ok 21:05:56.0680 0x1198 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:05:56.0680 0x1198 flpydisk - ok 21:05:56.0743 0x1198 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:05:56.0758 0x1198 FltMgr - ok 21:05:56.0867 0x1198 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 21:05:56.0930 0x1198 FontCache - ok 21:05:56.0977 0x1198 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:05:56.0977 0x1198 FontCache3.0.0.0 - ok 21:05:57.0023 0x1198 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:05:57.0023 0x1198 FsDepends - ok 21:05:57.0055 0x1198 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:05:57.0055 0x1198 Fs_Rec - ok 21:05:57.0101 0x1198 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:05:57.0117 0x1198 fvevol - ok 21:05:57.0133 0x1198 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:05:57.0148 0x1198 gagp30kx - ok 21:05:57.0211 0x1198 [ D289BA51801E162273A8385E3CCE0D0A, 461F3E85EAF33E553B047D5974D8542138E18EFB7EF905EE7E9CDC1A07CA41C7 ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe 21:05:57.0226 0x1198 GamesAppIntegrationService - ok 21:05:57.0273 0x1198 [ C23410A44ADDF0E1A9B4BA42A5DD5EA7, 384382D16D09A17E29D8348E1CF8DD7E377607DB3472AB8888EF8E83671B772C ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 21:05:57.0273 0x1198 GamesAppService - ok 21:05:57.0320 0x1198 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:05:57.0320 0x1198 GEARAspiWDM - ok 21:05:57.0413 0x1198 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 21:05:57.0445 0x1198 gpsvc - ok 21:05:57.0523 0x1198 [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe 21:05:57.0523 0x1198 GREGService - ok 21:05:57.0585 0x1198 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:05:57.0585 0x1198 gupdate - ok 21:05:57.0601 0x1198 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:05:57.0601 0x1198 gupdatem - ok 21:05:57.0632 0x1198 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:05:57.0632 0x1198 hcw85cir - ok 21:05:57.0694 0x1198 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:05:57.0710 0x1198 HdAudAddService - ok 21:05:57.0741 0x1198 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:05:57.0741 0x1198 HDAudBus - ok 21:05:57.0772 0x1198 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 21:05:57.0772 0x1198 HECIx64 - ok 21:05:57.0803 0x1198 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:05:57.0803 0x1198 HidBatt - ok 21:05:57.0835 0x1198 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:05:57.0835 0x1198 HidBth - ok 21:05:57.0866 0x1198 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:05:57.0866 0x1198 HidIr - ok 21:05:57.0897 0x1198 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 21:05:57.0897 0x1198 hidserv - ok 21:05:57.0928 0x1198 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:05:57.0928 0x1198 HidUsb - ok 21:05:57.0975 0x1198 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:05:57.0975 0x1198 hkmsvc - ok 21:05:58.0053 0x1198 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:05:58.0069 0x1198 HomeGroupListener - ok 21:05:58.0115 0x1198 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:05:58.0115 0x1198 HomeGroupProvider - ok 21:05:58.0147 0x1198 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:05:58.0147 0x1198 HpSAMD - ok 21:05:58.0240 0x1198 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:05:58.0271 0x1198 HTTP - ok 21:05:58.0303 0x1198 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:05:58.0303 0x1198 hwpolicy - ok 21:05:58.0334 0x1198 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:05:58.0349 0x1198 i8042prt - ok 21:05:58.0412 0x1198 [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:05:58.0427 0x1198 iaStor - ok 21:05:58.0505 0x1198 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:05:58.0521 0x1198 iaStorV - ok 21:05:58.0615 0x1198 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:05:58.0661 0x1198 idsvc - ok 21:05:58.0677 0x1198 IEEtwCollectorService - ok 21:05:59.0083 0x1198 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 21:05:59.0363 0x1198 igfx - ok 21:05:59.0426 0x1198 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:05:59.0426 0x1198 iirsp - ok 21:05:59.0504 0x1198 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 21:05:59.0535 0x1198 IKEEXT - ok 21:05:59.0707 0x1198 [ E8017F1662D9142F45CEAB694D013C00, 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 21:05:59.0831 0x1198 IntcAzAudAddService - ok 21:05:59.0925 0x1198 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 21:05:59.0925 0x1198 intelide - ok 21:05:59.0972 0x1198 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:05:59.0972 0x1198 intelppm - ok 21:06:00.0003 0x1198 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:06:00.0003 0x1198 IPBusEnum - ok 21:06:00.0034 0x1198 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:06:00.0050 0x1198 IpFilterDriver - ok 21:06:00.0112 0x1198 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:06:00.0128 0x1198 iphlpsvc - ok 21:06:00.0175 0x1198 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:06:00.0175 0x1198 IPMIDRV - ok 21:06:00.0221 0x1198 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:06:00.0237 0x1198 IPNAT - ok 21:06:00.0299 0x1198 [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:06:00.0331 0x1198 iPod Service - ok 21:06:00.0346 0x1198 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:06:00.0346 0x1198 IRENUM - ok 21:06:00.0362 0x1198 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:06:00.0362 0x1198 isapnp - ok 21:06:00.0393 0x1198 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:06:00.0409 0x1198 iScsiPrt - ok 21:06:00.0471 0x1198 [ 12E27942DBB7C91880163634B0D8A776, DEE56DB8993A915E8FC32F9F50FAEED591799B0694655926C4F260EBFB99FC7E ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 21:06:00.0487 0x1198 k57nd60a - ok 21:06:00.0533 0x1198 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:06:00.0533 0x1198 kbdclass - ok 21:06:00.0565 0x1198 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:06:00.0565 0x1198 kbdhid - ok 21:06:00.0580 0x1198 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso C:\Windows\system32\lsass.exe 21:06:00.0580 0x1198 KeyIso - ok 21:06:00.0611 0x1198 [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:06:00.0611 0x1198 KSecDD - ok 21:06:00.0643 0x1198 [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:06:00.0643 0x1198 KSecPkg - ok 21:06:00.0674 0x1198 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:06:00.0674 0x1198 ksthunk - ok 21:06:00.0736 0x1198 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 21:06:00.0752 0x1198 KtmRm - ok 21:06:00.0767 0x1198 [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys 21:06:00.0783 0x1198 L1E - ok 21:06:00.0830 0x1198 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 21:06:00.0845 0x1198 LanmanServer - ok 21:06:00.0877 0x1198 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:06:00.0892 0x1198 LanmanWorkstation - ok 21:06:00.0908 0x1198 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:06:00.0908 0x1198 lltdio - ok 21:06:00.0970 0x1198 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:06:00.0986 0x1198 lltdsvc - ok 21:06:01.0017 0x1198 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:06:01.0017 0x1198 lmhosts - ok 21:06:01.0095 0x1198 [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:06:01.0111 0x1198 LMS - ok 21:06:01.0173 0x1198 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:06:01.0173 0x1198 LSI_FC - ok 21:06:01.0204 0x1198 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:06:01.0204 0x1198 LSI_SAS - ok 21:06:01.0235 0x1198 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:06:01.0235 0x1198 LSI_SAS2 - ok 21:06:01.0251 0x1198 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:06:01.0251 0x1198 LSI_SCSI - ok 21:06:01.0282 0x1198 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 21:06:01.0298 0x1198 luafv - ok 21:06:01.0345 0x1198 [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 21:06:01.0345 0x1198 MBAMProtector - ok 21:06:01.0516 0x1198 [ 516E29AD03BDF610CC36A95AE692FE42, 09F913B169AD775FF587AE59AEC5DD2A2D8646803F48BF616C74EEC0DE3BE7A2 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 21:06:01.0594 0x1198 MBAMScheduler - ok 21:06:01.0688 0x1198 [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 21:06:01.0750 0x1198 MBAMService - ok 21:06:01.0797 0x1198 [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 21:06:01.0797 0x1198 MBAMSwissArmy - ok 21:06:01.0828 0x1198 [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 21:06:01.0828 0x1198 MBAMWebAccessControl - ok 21:06:01.0875 0x1198 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:06:01.0875 0x1198 Mcx2Svc - ok 21:06:01.0906 0x1198 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:06:01.0922 0x1198 megasas - ok 21:06:01.0953 0x1198 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:06:01.0969 0x1198 MegaSR - ok 21:06:02.0047 0x1198 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 21:06:02.0062 0x1198 Microsoft Office Groove Audit Service - ok 21:06:02.0078 0x1198 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 21:06:02.0093 0x1198 MMCSS - ok 21:06:02.0109 0x1198 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 21:06:02.0125 0x1198 Modem - ok 21:06:02.0140 0x1198 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:06:02.0140 0x1198 monitor - ok 21:06:02.0140 0x1198 motccgp - ok 21:06:02.0156 0x1198 motccgpfl - ok 21:06:02.0156 0x1198 motmodem - ok 21:06:02.0218 0x1198 [ 7ED3A9C3763725BD700946971215EE77, 6150D52945E10B69CFA5E3E637DCEBA67158092C6350B4AFE456EA846CA90C18 ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe 21:06:02.0234 0x1198 Motorola Device Manager - ok 21:06:02.0234 0x1198 MotoSwitchService - ok 21:06:02.0249 0x1198 Motousbnet - ok 21:06:02.0281 0x1198 [ 1D19770F88FA22DACB7F488EA8F8EE6B, AD100C774058CF878B6006518F3DCDBDEE475F3C9808FC5D844947D9C305FAE5 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys 21:06:02.0281 0x1198 motusbdevice - ok 21:06:02.0296 0x1198 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:06:02.0296 0x1198 mouclass - ok 21:06:02.0327 0x1198 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:06:02.0327 0x1198 mouhid - ok 21:06:02.0390 0x1198 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:06:02.0390 0x1198 mountmgr - ok 21:06:02.0437 0x1198 [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 21:06:02.0452 0x1198 MpFilter - ok 21:06:02.0483 0x1198 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 21:06:02.0483 0x1198 mpio - ok 21:06:02.0515 0x1198 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:06:02.0530 0x1198 mpsdrv - ok 21:06:02.0624 0x1198 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:06:02.0655 0x1198 MpsSvc - ok 21:06:02.0702 0x1198 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:06:02.0717 0x1198 MRxDAV - ok 21:06:02.0749 0x1198 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:06:02.0749 0x1198 mrxsmb - ok 21:06:02.0795 0x1198 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:06:02.0795 0x1198 mrxsmb10 - ok 21:06:02.0827 0x1198 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:06:02.0827 0x1198 mrxsmb20 - ok 21:06:02.0873 0x1198 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 21:06:02.0873 0x1198 msahci - ok 21:06:02.0905 0x1198 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:06:02.0920 0x1198 msdsm - ok 21:06:02.0936 0x1198 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 21:06:02.0951 0x1198 MSDTC - ok 21:06:02.0983 0x1198 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:06:02.0998 0x1198 Msfs - ok 21:06:03.0014 0x1198 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:06:03.0014 0x1198 mshidkmdf - ok 21:06:03.0045 0x1198 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:06:03.0045 0x1198 msisadrv - ok 21:06:03.0092 0x1198 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:06:03.0107 0x1198 MSiSCSI - ok 21:06:03.0107 0x1198 msiserver - ok 21:06:03.0139 0x1198 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:06:03.0139 0x1198 MSKSSRV - ok 21:06:03.0185 0x1198 [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 21:06:03.0185 0x1198 MsMpSvc - ok 21:06:03.0201 0x1198 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:06:03.0201 0x1198 MSPCLOCK - ok 21:06:03.0217 0x1198 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:06:03.0217 0x1198 MSPQM - ok 21:06:03.0279 0x1198 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:06:03.0295 0x1198 MsRPC - ok 21:06:03.0341 0x1198 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:06:03.0341 0x1198 mssmbios - ok 21:06:03.0357 0x1198 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:06:03.0357 0x1198 MSTEE - ok 21:06:03.0373 0x1198 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:06:03.0373 0x1198 MTConfig - ok 21:06:03.0404 0x1198 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 21:06:03.0404 0x1198 Mup - ok 21:06:03.0466 0x1198 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 21:06:03.0497 0x1198 napagent - ok 21:06:03.0529 0x1198 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:06:03.0544 0x1198 NativeWifiP - ok 21:06:03.0622 0x1198 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 21:06:03.0669 0x1198 NDIS - ok 21:06:03.0700 0x1198 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:06:03.0700 0x1198 NdisCap - ok 21:06:03.0731 0x1198 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:06:03.0731 0x1198 NdisTapi - ok 21:06:03.0778 0x1198 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:06:03.0778 0x1198 Ndisuio - ok 21:06:03.0825 0x1198 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:06:03.0841 0x1198 NdisWan - ok 21:06:03.0872 0x1198 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:06:03.0872 0x1198 NDProxy - ok 21:06:03.0997 0x1198 [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 21:06:04.0043 0x1198 Nero BackItUp Scheduler 4.0 - ok 21:06:04.0075 0x1198 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:06:04.0075 0x1198 NetBIOS - ok 21:06:04.0137 0x1198 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:06:04.0153 0x1198 NetBT - ok 21:06:04.0168 0x1198 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon C:\Windows\system32\lsass.exe 21:06:04.0168 0x1198 Netlogon - ok 21:06:04.0215 0x1198 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 21:06:04.0231 0x1198 Netman - ok 21:06:04.0277 0x1198 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:06:04.0293 0x1198 NetMsmqActivator - ok 21:06:04.0324 0x1198 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:06:04.0324 0x1198 NetPipeActivator - ok 21:06:04.0371 0x1198 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 21:06:04.0402 0x1198 netprofm - ok 21:06:04.0402 0x1198 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:06:04.0418 0x1198 NetTcpActivator - ok 21:06:04.0433 0x1198 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:06:04.0433 0x1198 NetTcpPortSharing - ok 21:06:04.0465 0x1198 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:06:04.0465 0x1198 nfrd960 - ok 21:06:04.0496 0x1198 [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 21:06:04.0511 0x1198 NisDrv - ok 21:06:04.0558 0x1198 [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 21:06:04.0574 0x1198 NisSrv - ok 21:06:04.0621 0x1198 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 21:06:04.0652 0x1198 NlaSvc - ok 21:06:04.0683 0x1198 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:06:04.0683 0x1198 Npfs - ok 21:06:04.0730 0x1198 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 21:06:04.0730 0x1198 nsi - ok 21:06:04.0730 0x1198 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:06:04.0745 0x1198 nsiproxy - ok 21:06:04.0870 0x1198 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:06:04.0948 0x1198 Ntfs - ok 21:06:05.0026 0x1198 [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe 21:06:05.0026 0x1198 NTI IScheduleSvc - ok 21:06:05.0057 0x1198 [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 21:06:05.0057 0x1198 NTIDrvr - ok 21:06:05.0089 0x1198 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 21:06:05.0089 0x1198 Null - ok 21:06:05.0120 0x1198 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:06:05.0120 0x1198 nvraid - ok 21:06:05.0151 0x1198 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:06:05.0167 0x1198 nvstor - ok 21:06:05.0198 0x1198 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:06:05.0213 0x1198 nv_agp - ok 21:06:05.0291 0x1198 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:06:05.0323 0x1198 odserv - ok 21:06:05.0354 0x1198 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:06:05.0354 0x1198 ohci1394 - ok 21:06:05.0385 0x1198 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:06:05.0401 0x1198 ose - ok 21:06:05.0447 0x1198 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:06:05.0463 0x1198 p2pimsvc - ok 21:06:05.0510 0x1198 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 21:06:05.0525 0x1198 p2psvc - ok 21:06:05.0557 0x1198 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:06:05.0572 0x1198 Parport - ok 21:06:05.0588 0x1198 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:06:05.0603 0x1198 partmgr - ok 21:06:05.0650 0x1198 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:06:05.0666 0x1198 PcaSvc - ok 21:06:05.0681 0x1198 [ 3FDE033DFB0D07F8B7D5C9A3044AA121, 2C23B4FA34BA3060884B0168A830DD395A3853855CD6DF4065FBB303DFB4A87E ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 21:06:05.0681 0x1198 pccsmcfd - ok 21:06:05.0713 0x1198 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 21:06:05.0728 0x1198 pci - ok 21:06:05.0759 0x1198 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 21:06:05.0759 0x1198 pciide - ok 21:06:05.0806 0x1198 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:06:05.0822 0x1198 pcmcia - ok 21:06:05.0837 0x1198 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 21:06:05.0837 0x1198 pcw - ok 21:06:05.0931 0x1198 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:06:05.0962 0x1198 PEAUTH - ok 21:06:06.0056 0x1198 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:06:06.0071 0x1198 PerfHost - ok 21:06:06.0196 0x1198 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 21:06:06.0259 0x1198 pla - ok 21:06:06.0305 0x1198 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:06:06.0337 0x1198 PlugPlay - ok 21:06:06.0352 0x1198 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:06:06.0352 0x1198 PNRPAutoReg - ok 21:06:06.0383 0x1198 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:06:06.0399 0x1198 PNRPsvc - ok 21:06:06.0446 0x1198 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:06:06.0461 0x1198 PolicyAgent - ok 21:06:06.0508 0x1198 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 21:06:06.0524 0x1198 Power - ok 21:06:06.0555 0x1198 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:06:06.0571 0x1198 PptpMiniport - ok 21:06:06.0602 0x1198 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:06:06.0602 0x1198 Processor - ok 21:06:06.0649 0x1198 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 21:06:06.0664 0x1198 ProfSvc - ok 21:06:06.0680 0x1198 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:06:06.0680 0x1198 ProtectedStorage - ok 21:06:06.0727 0x1198 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:06:06.0742 0x1198 Psched - ok 21:06:06.0805 0x1198 [ EA735BF6DF13A857A83C99BF27A422AD, 026A57155FB9E01CFAFD8613980CDF0F3D744ABBBC66EFDC6C20B89980FB45CF ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe 21:06:06.0820 0x1198 PST Service - ok 21:06:06.0851 0x1198 [ FBF4DB6D53585437E41A113300002A2B, A0145CE87A95DA3775B28A00E741660C26ADE34BBCC7FC502ED809931482C8F2 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 21:06:06.0851 0x1198 PxHlpa64 - ok 21:06:06.0961 0x1198 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:06:07.0039 0x1198 ql2300 - ok 21:06:07.0070 0x1198 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:06:07.0085 0x1198 ql40xx - ok 21:06:07.0117 0x1198 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 21:06:07.0132 0x1198 QWAVE - ok 21:06:07.0148 0x1198 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:06:07.0163 0x1198 QWAVEdrv - ok 21:06:07.0179 0x1198 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:06:07.0179 0x1198 RasAcd - ok 21:06:07.0226 0x1198 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:06:07.0226 0x1198 RasAgileVpn - ok 21:06:07.0257 0x1198 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 21:06:07.0273 0x1198 RasAuto - ok 21:06:07.0304 0x1198 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:06:07.0319 0x1198 Rasl2tp - ok 21:06:07.0366 0x1198 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 21:06:07.0397 0x1198 RasMan - ok 21:06:07.0429 0x1198 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:06:07.0429 0x1198 RasPppoe - ok 21:06:07.0444 0x1198 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:06:07.0460 0x1198 RasSstp - ok 21:06:07.0507 0x1198 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:06:07.0522 0x1198 rdbss - ok 21:06:07.0538 0x1198 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:06:07.0538 0x1198 rdpbus - ok 21:06:07.0553 0x1198 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:06:07.0553 0x1198 RDPCDD - ok 21:06:07.0585 0x1198 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:06:07.0585 0x1198 RDPENCDD - ok 21:06:07.0600 0x1198 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:06:07.0600 0x1198 RDPREFMP - ok 21:06:07.0647 0x1198 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:06:07.0663 0x1198 RDPWD - ok 21:06:07.0709 0x1198 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:06:07.0725 0x1198 rdyboost - ok 21:06:07.0756 0x1198 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:06:07.0756 0x1198 RemoteAccess - ok 21:06:07.0803 0x1198 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:06:07.0803 0x1198 RemoteRegistry - ok 21:06:07.0834 0x1198 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:06:07.0834 0x1198 RpcEptMapper - ok 21:06:07.0850 0x1198 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 21:06:07.0865 0x1198 RpcLocator - ok 21:06:07.0928 0x1198 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 21:06:07.0959 0x1198 RpcSs - ok 21:06:08.0006 0x1198 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:06:08.0006 0x1198 rspndr - ok 21:06:08.0021 0x1198 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs C:\Windows\system32\lsass.exe 21:06:08.0021 0x1198 SamSs - ok 21:06:08.0068 0x1198 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 21:06:08.0068 0x1198 SASDIFSV - ok 21:06:08.0099 0x1198 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 21:06:08.0099 0x1198 SASKUTIL - ok 21:06:08.0131 0x1198 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:06:08.0131 0x1198 sbp2port - ok 21:06:08.0177 0x1198 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:06:08.0193 0x1198 SCardSvr - ok 21:06:08.0224 0x1198 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:06:08.0224 0x1198 scfilter - ok 21:06:08.0318 0x1198 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 21:06:08.0380 0x1198 Schedule - ok 21:06:08.0411 0x1198 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:06:08.0427 0x1198 SCPolicySvc - ok 21:06:08.0474 0x1198 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:06:08.0474 0x1198 SDRSVC - ok 21:06:08.0505 0x1198 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:06:08.0521 0x1198 secdrv - ok 21:06:08.0552 0x1198 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 21:06:08.0552 0x1198 seclogon - ok 21:06:08.0599 0x1198 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll 21:06:08.0599 0x1198 SENS - ok 21:06:08.0614 0x1198 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:06:08.0630 0x1198 SensrSvc - ok 21:06:08.0645 0x1198 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:06:08.0645 0x1198 Serenum - ok 21:06:08.0661 0x1198 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:06:08.0661 0x1198 Serial - ok 21:06:08.0692 0x1198 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 21:06:08.0692 0x1198 sermouse - ok 21:06:08.0755 0x1198 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 21:06:08.0770 0x1198 SessionEnv - ok 21:06:08.0786 0x1198 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:06:08.0786 0x1198 sffdisk - ok 21:06:08.0801 0x1198 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:06:08.0817 0x1198 sffp_mmc - ok 21:06:08.0817 0x1198 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:06:08.0817 0x1198 sffp_sd - ok 21:06:08.0864 0x1198 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:06:08.0864 0x1198 sfloppy - ok 21:06:08.0942 0x1198 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:06:08.0957 0x1198 SharedAccess - ok 21:06:09.0020 0x1198 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:06:09.0035 0x1198 ShellHWDetection - ok 21:06:09.0067 0x1198 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:06:09.0067 0x1198 SiSRaid2 - ok 21:06:09.0082 0x1198 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:06:09.0098 0x1198 SiSRaid4 - ok 21:06:09.0160 0x1198 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 21:06:09.0176 0x1198 SkypeUpdate - ok 21:06:09.0207 0x1198 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:06:09.0207 0x1198 Smb - ok 21:06:09.0238 0x1198 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:06:09.0254 0x1198 SNMPTRAP - ok 21:06:09.0285 0x1198 [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan C:\Windows\syswow64\speedfan.sys 21:06:09.0301 0x1198 speedfan - ok 21:06:09.0316 0x1198 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 21:06:09.0316 0x1198 spldr - ok 21:06:09.0394 0x1198 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 21:06:09.0425 0x1198 Spooler - ok 21:06:09.0675 0x1198 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 21:06:09.0847 0x1198 sppsvc - ok 21:06:09.0893 0x1198 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:06:09.0909 0x1198 sppuinotify - ok 21:06:09.0956 0x1198 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:06:09.0987 0x1198 srv - ok 21:06:10.0034 0x1198 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:06:10.0065 0x1198 srv2 - ok 21:06:10.0096 0x1198 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:06:10.0096 0x1198 srvnet - ok 21:06:10.0127 0x1198 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:06:10.0143 0x1198 SSDPSRV - ok 21:06:10.0159 0x1198 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:06:10.0159 0x1198 SstpSvc - ok 21:06:10.0190 0x1198 [ 30D7CE5C0B812BAF4F2FB5F47820C76A, 5C9D67637485F67A720D8582D54D880D8364108C593A020682D4695397284989 ] stdriver C:\Windows\system32\DRIVERS\stdriverx64.sys 21:06:10.0190 0x1198 stdriver - ok 21:06:10.0221 0x1198 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:06:10.0221 0x1198 stexstor - ok 21:06:10.0299 0x1198 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 21:06:10.0330 0x1198 stisvc - ok 21:06:10.0361 0x1198 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 21:06:10.0361 0x1198 swenum - ok 21:06:10.0424 0x1198 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 21:06:10.0439 0x1198 swprv - ok 21:06:10.0595 0x1198 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 21:06:10.0689 0x1198 SysMain - ok 21:06:10.0720 0x1198 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:06:10.0736 0x1198 TabletInputService - ok 21:06:10.0783 0x1198 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 21:06:10.0798 0x1198 TapiSrv - ok 21:06:10.0814 0x1198 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 21:06:10.0829 0x1198 TBS - ok 21:06:10.0985 0x1198 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:06:11.0079 0x1198 Tcpip - ok 21:06:11.0204 0x1198 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:06:11.0313 0x1198 TCPIP6 - ok 21:06:11.0344 0x1198 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:06:11.0344 0x1198 tcpipreg - ok 21:06:11.0391 0x1198 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:06:11.0391 0x1198 TDPIPE - ok 21:06:11.0422 0x1198 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:06:11.0422 0x1198 TDTCP - ok 21:06:11.0469 0x1198 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:06:11.0469 0x1198 tdx - ok 21:06:11.0500 0x1198 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 21:06:11.0516 0x1198 TermDD - ok 21:06:11.0594 0x1198 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 21:06:11.0625 0x1198 TermService - ok 21:06:11.0672 0x1198 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 21:06:11.0672 0x1198 Themes - ok 21:06:11.0703 0x1198 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 21:06:11.0719 0x1198 THREADORDER - ok 21:06:11.0734 0x1198 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 21:06:11.0734 0x1198 TrkWks - ok 21:06:11.0812 0x1198 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:06:11.0812 0x1198 TrustedInstaller - ok 21:06:11.0859 0x1198 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:06:11.0875 0x1198 tssecsrv - ok 21:06:11.0906 0x1198 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:06:11.0921 0x1198 TsUsbFlt - ok 21:06:11.0968 0x1198 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:06:11.0968 0x1198 tunnel - ok 21:06:11.0999 0x1198 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:06:12.0015 0x1198 uagp35 - ok 21:06:12.0031 0x1198 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 21:06:12.0031 0x1198 UBHelper - ok 21:06:12.0093 0x1198 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:06:12.0109 0x1198 udfs - ok 21:06:12.0155 0x1198 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:06:12.0155 0x1198 UI0Detect - ok 21:06:12.0171 0x1198 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:06:12.0171 0x1198 uliagpkx - ok 21:06:12.0218 0x1198 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:06:12.0218 0x1198 umbus - ok 21:06:12.0233 0x1198 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:06:12.0233 0x1198 UmPass - ok 21:06:12.0467 0x1198 [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:06:12.0592 0x1198 UNS - ok 21:06:12.0717 0x1198 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe 21:06:12.0733 0x1198 Updater Service - ok 21:06:12.0795 0x1198 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 21:06:12.0811 0x1198 upnphost - ok 21:06:12.0857 0x1198 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:06:12.0857 0x1198 usbccgp - ok 21:06:12.0889 0x1198 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:06:12.0904 0x1198 usbcir - ok 21:06:12.0935 0x1198 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 21:06:12.0935 0x1198 usbehci - ok 21:06:12.0967 0x1198 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:06:12.0982 0x1198 usbhub - ok 21:06:13.0013 0x1198 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:06:13.0013 0x1198 usbohci - ok 21:06:13.0045 0x1198 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:06:13.0045 0x1198 usbprint - ok 21:06:13.0076 0x1198 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:06:13.0091 0x1198 usbscan - ok 21:06:13.0107 0x1198 [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser C:\Windows\system32\drivers\usbser.sys 21:06:13.0107 0x1198 usbser - ok 21:06:13.0123 0x1198 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:06:13.0138 0x1198 USBSTOR - ok 21:06:13.0154 0x1198 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:06:13.0169 0x1198 usbuhci - ok 21:06:13.0201 0x1198 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 21:06:13.0216 0x1198 usbvideo - ok 21:06:13.0232 0x1198 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 21:06:13.0247 0x1198 UxSms - ok 21:06:13.0263 0x1198 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc C:\Windows\system32\lsass.exe 21:06:13.0263 0x1198 VaultSvc - ok 21:06:13.0279 0x1198 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:06:13.0279 0x1198 vdrvroot - ok 21:06:13.0357 0x1198 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 21:06:13.0388 0x1198 vds - ok 21:06:13.0419 0x1198 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:06:13.0419 0x1198 vga - ok 21:06:13.0450 0x1198 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 21:06:13.0450 0x1198 VgaSave - ok 21:06:13.0497 0x1198 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:06:13.0513 0x1198 vhdmp - ok 21:06:13.0544 0x1198 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 21:06:13.0544 0x1198 viaide - ok 21:06:13.0559 0x1198 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:06:13.0575 0x1198 volmgr - ok 21:06:13.0622 0x1198 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:06:13.0637 0x1198 volmgrx - ok 21:06:13.0684 0x1198 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:06:13.0700 0x1198 volsnap - ok 21:06:13.0747 0x1198 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:06:13.0747 0x1198 vsmraid - ok 21:06:13.0887 0x1198 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 21:06:13.0949 0x1198 VSS - ok 21:06:13.0981 0x1198 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:06:13.0981 0x1198 vwifibus - ok 21:06:13.0996 0x1198 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:06:14.0012 0x1198 vwififlt - ok 21:06:14.0012 0x1198 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:06:14.0012 0x1198 vwifimp - ok 21:06:14.0074 0x1198 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 21:06:14.0090 0x1198 W32Time - ok 21:06:14.0121 0x1198 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:06:14.0137 0x1198 WacomPen - ok 21:06:14.0168 0x1198 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:06:14.0168 0x1198 WANARP - ok 21:06:14.0183 0x1198 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:06:14.0183 0x1198 Wanarpv6 - ok 21:06:14.0308 0x1198 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 21:06:14.0371 0x1198 WatAdminSvc - ok 21:06:14.0495 0x1198 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 21:06:14.0573 0x1198 wbengine - ok 21:06:14.0605 0x1198 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:06:14.0620 0x1198 WbioSrvc - ok 21:06:14.0683 0x1198 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:06:14.0698 0x1198 wcncsvc - ok 21:06:14.0729 0x1198 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:06:14.0729 0x1198 WcsPlugInService - ok 21:06:14.0761 0x1198 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:06:14.0761 0x1198 Wd - ok 21:06:14.0839 0x1198 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:06:14.0885 0x1198 Wdf01000 - ok 21:06:14.0917 0x1198 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:06:14.0932 0x1198 WdiServiceHost - ok 21:06:14.0948 0x1198 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:06:14.0948 0x1198 WdiSystemHost - ok 21:06:15.0010 0x1198 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 21:06:15.0026 0x1198 WebClient - ok 21:06:15.0073 0x1198 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:06:15.0088 0x1198 Wecsvc - ok 21:06:15.0104 0x1198 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:06:15.0119 0x1198 wercplsupport - ok 21:06:15.0135 0x1198 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 21:06:15.0151 0x1198 WerSvc - ok 21:06:15.0166 0x1198 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:06:15.0166 0x1198 WfpLwf - ok 21:06:15.0213 0x1198 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:06:15.0213 0x1198 WIMMount - ok 21:06:15.0229 0x1198 WinDefend - ok 21:06:15.0275 0x1198 [ 4DE7D61CF51F4C8261D119CFBDB70243, A88BF58108AAF149FF30B93E3C58785AB1F414FD883FE87211F95AD4A91861DE ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys 21:06:15.0291 0x1198 WinDriver6 - ok 21:06:15.0291 0x1198 WinHttpAutoProxySvc - ok 21:06:15.0369 0x1198 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:06:15.0385 0x1198 Winmgmt - ok 21:06:15.0541 0x1198 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 21:06:15.0650 0x1198 WinRM - ok 21:06:15.0775 0x1198 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 21:06:15.0775 0x1198 WinUsb - ok 21:06:15.0868 0x1198 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:06:15.0915 0x1198 Wlansvc - ok 21:06:15.0946 0x1198 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:06:15.0946 0x1198 WmiAcpi - ok 21:06:15.0993 0x1198 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:06:16.0009 0x1198 wmiApSrv - ok 21:06:16.0040 0x1198 WMPNetworkSvc - ok 21:06:16.0071 0x1198 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:06:16.0087 0x1198 WPCSvc - ok 21:06:16.0133 0x1198 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:06:16.0133 0x1198 WPDBusEnum - ok 21:06:16.0165 0x1198 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:06:16.0165 0x1198 ws2ifsl - ok 21:06:16.0180 0x1198 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll 21:06:16.0196 0x1198 wscsvc - ok 21:06:16.0211 0x1198 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 21:06:16.0211 0x1198 WSDPrintDevice - ok 21:06:16.0227 0x1198 WSearch - ok 21:06:16.0430 0x1198 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll 21:06:16.0555 0x1198 wuauserv - ok 21:06:16.0633 0x1198 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:06:16.0633 0x1198 WudfPf - ok 21:06:16.0664 0x1198 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys 21:06:16.0664 0x1198 WUDFRd - ok 21:06:16.0695 0x1198 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:06:16.0711 0x1198 wudfsvc - ok 21:06:16.0757 0x1198 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 21:06:16.0773 0x1198 WwanSvc - ok 21:06:16.0789 0x1198 ================ Scan global =============================== 21:06:16.0820 0x1198 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 21:06:16.0867 0x1198 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 21:06:16.0898 0x1198 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 21:06:16.0929 0x1198 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 21:06:16.0976 0x1198 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 21:06:17.0007 0x1198 [ Global ] - ok 21:06:17.0007 0x1198 ================ Scan MBR ================================== 21:06:17.0023 0x1198 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 21:06:17.0366 0x1198 \Device\Harddisk0\DR0 - ok 21:06:17.0366 0x1198 ================ Scan VBR ================================== 21:06:17.0366 0x1198 [ 9EEC3C9F2409F19238869A125208D582 ] \Device\Harddisk0\DR0\Partition1 21:06:17.0366 0x1198 \Device\Harddisk0\DR0\Partition1 - ok 21:06:17.0381 0x1198 [ 616B1288B1413FA795B27A3FC57A53AB ] \Device\Harddisk0\DR0\Partition2 21:06:17.0381 0x1198 \Device\Harddisk0\DR0\Partition2 - ok 21:06:17.0381 0x1198 ================ Scan generic autorun ====================== 21:06:17.0459 0x1198 [ 220BC54C446F88CFAAD689CCBDE591E3, C86E1B9E407E7C29B9977EBDE6CFA2BCB1E22BB88A51B5FD723A013E807B593C ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe 21:06:17.0475 0x1198 AmIcoSinglun64 - ok 21:06:18.0161 0x1198 [ 798DF4955D7DE4552706B3ECB65B3C80, C0DD4999D8E5505EBC5ADB2B458339BA1444FE897C8568E872C9F8CCF7C5360B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 21:06:18.0614 0x1198 RtHDVCpl - ok 21:06:18.0754 0x1198 [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe 21:06:18.0785 0x1198 Acer ePower Management - ok 21:06:18.0926 0x1198 [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe 21:06:18.0988 0x1198 MSC - ok 21:06:19.0051 0x1198 [ 77AC8322178FB8F3117CDD3B6DC6E126, 2786198EE920D7788FA0DE376231D4E42AB68F6D5A1E87FAC1F3D7424D1ED493 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 21:06:19.0066 0x1198 StartCCC - ok 21:06:19.0160 0x1198 [ 38218E47372B77DDB3C9DDD4390CB960, C665FCFE08A4C1F9C3FBA73A220AAB7344C2BF203B62FAB76EF1F659A78F007C ] C:\Program Files (x86)\Launch Manager\LManager.exe 21:06:19.0207 0x1198 LManager - ok 21:06:19.0269 0x1198 [ 846965AE55A2662B1576C0F392DD1D6E, 0ADE383991FDC5A49DD15A27CB52CF75ABF518F0335E92003C0FF75DB417BBDC ] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe 21:06:19.0269 0x1198 SSBkgdUpdate - ok 21:06:19.0347 0x1198 [ 27249F2A900032F3C2DFAB8DE8F16399, 88F85055FC6A6C3872A9A3697F92E26EEB51655F5D53F49EE22768829839808A ] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe 21:06:19.0347 0x1198 PaperPort PTD - ok 21:06:19.0378 0x1198 [ A4A66195EB0ECD574A32AAA92DC0A7BD, 4E30D565917158316A541BB29D73BF5F3A01DAB1240363276DE0C5D59B2BFFFE ] C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe 21:06:19.0394 0x1198 PPort11reminder - ok 21:06:19.0472 0x1198 [ 16D4D2AB28EDD90AEE06826B3ADF50AB, EE8E54702B22E7F1DB8DE7296132C3473DD9D18B9E9C47414F315173E0A26E16 ] C:\Program Files (x86)\PDF24\pdf24.exe 21:06:19.0472 0x1198 PDFPrint - ok 21:06:19.0565 0x1198 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe 21:06:19.0581 0x1198 QuickTime Task - ok 21:06:19.0706 0x1198 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 21:06:19.0753 0x1198 Adobe ARM - ok 21:06:20.0267 0x1198 [ 51747688BBB04853C3D03480244B4CBA, 7FDFE33E74D2E3408404F8466A872F582287C12DED294CE94EDB915E43CBF10A ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 21:06:20.0642 0x1198 SUPERAntiSpyware - ok 21:06:20.0907 0x1198 [ 907E9C6F658C590BB58BFB45CFE10857, 0F4976ECE46DDCAC1235A65C9B50B05B166CC74E43B057DA6FF54C13DD27EB22 ] C:\Users\dermauel\AppData\Roaming\Spotify\SpotifyWebHelper.exe 21:06:21.0001 0x1198 Spotify Web Helper - ok 21:06:21.0016 0x1198 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated ) 21:06:21.0016 0x1198 Win FW state via NFP2: enabled 21:06:23.0434 0x1198 ============================================================ 21:06:23.0434 0x1198 Scan finished 21:06:23.0434 0x1198 ============================================================ 21:06:23.0434 0x0428 Detected object count: 0 21:06:23.0434 0x0428 Actual detected object count: 0 21:10:14.0892 0x160c Deinitialize success |
|
25.05.2015, 16:17
| #7 |
| /// the machine /// TB-Ausbilder | Laptop infiziert - Öffnet selbstständig Programme hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.05.2015, 17:48
| #8 |
| | Laptop infiziert - Öffnet selbstständig Programme Hier der Report von ComboFix: Code:
ATTFilter Combofix Logfile: Ernst |
|
26.05.2015, 17:27
| #9 |
| /// the machine /// TB-Ausbilder | Laptop infiziert - Öffnet selbstständig Programme Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.05.2015, 18:11
| #10 |
| | Laptop infiziert - Öffnet selbstständig Programme So Schrauber, alles wie gewünscht gescannt. Das habe ich im Akkubetrieb gemacht, da meine Maus im Netzbetrieb wieder ohne mein Zutun über den Monitor flitzte. Hier nun die Reports: 1. mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 29.05.2015 15:55:19, SYSTEM, DERMAUEL-PC, Protection, Malware Protection, Starting, Protection, 29.05.2015 15:55:19, SYSTEM, DERMAUEL-PC, Protection, Malware Protection, Started, Protection, 29.05.2015 15:55:19, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Starting, Protection, 29.05.2015 15:55:20, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Started, Update, 29.05.2015 16:15:01, SYSTEM, DERMAUEL-PC, Manual, Malware Database, 2015.5.28.7, 2015.5.29.3, Protection, 29.05.2015 16:15:01, SYSTEM, DERMAUEL-PC, Protection, Refresh, Starting, Protection, 29.05.2015 16:15:01, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Stopping, Protection, 29.05.2015 16:15:02, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Stopped, Protection, 29.05.2015 16:15:46, SYSTEM, DERMAUEL-PC, Protection, Refresh, Success, Protection, 29.05.2015 16:15:46, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Starting, Protection, 29.05.2015 16:15:47, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Started, Update, 29.05.2015 16:46:40, SYSTEM, DERMAUEL-PC, Scheduler, Malware Database, 2015.5.29.3, 2015.5.29.4, Protection, 29.05.2015 16:46:40, SYSTEM, DERMAUEL-PC, Protection, Refresh, Starting, Protection, 29.05.2015 16:46:40, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Stopping, Protection, 29.05.2015 16:46:41, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Stopped, Protection, 29.05.2015 16:48:24, SYSTEM, DERMAUEL-PC, Protection, Refresh, Success, Protection, 29.05.2015 16:48:24, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Starting, Protection, 29.05.2015 16:48:25, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Started, Scan, 29.05.2015 16:52:39, SYSTEM, DERMAUEL-PC, Manual, Start: 29.05.2015 16:15:32, Dauer: 37 Minuten 7 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung, Protection, 29.05.2015 18:46:15, SYSTEM, DERMAUEL-PC, Protection, Malware Protection, Starting, Protection, 29.05.2015 18:46:15, SYSTEM, DERMAUEL-PC, Protection, Malware Protection, Started, Protection, 29.05.2015 18:46:15, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Starting, Protection, 29.05.2015 18:46:18, SYSTEM, DERMAUEL-PC, Protection, Malicious Website Protection, Started, (end) 2. Report AdwCleaner AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.205 - Bericht erstellt 29/05/2015 um 18:53:50
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : dermauel - DERMAUEL-PC
# Gestarted von : C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\AdwCleaner_4.205.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\XTRM Group
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\XTRM Group Ltd
Ordner Gelöscht : C:\Users\dermauel\music\qtrax media library
Ordner Gelöscht : C:\Users\dermauel\AppData\Local\globalUpdate
Datei Gelöscht : C:\Users\dermauel\AppData\Roaming\KATMK
Datei Gelöscht : C:\Users\dermauel\AppData\Roaming\WHNKTVR
Datei Gelöscht : C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage
Datei Gelöscht : C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage-journal
***** [ Geplante Tasks ] *****
Task Gelöscht : Go for FilesUpdate
Task Gelöscht : LaunchSignup
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKCU\Software\Classes\MF
Schlüssel Gelöscht : HKCU\Software\Classes\PepperZip
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SDP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\XTRM Group Ltd.
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AllDaySavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17801
-\\ Google Chrome v43.0.2357.81
[C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk4_14_29&cd=2XzuyEtN2Y1L1QzuyB0A0FtC0AtC0Fzy0BtByDyD0C0D0BzztN0D0Tzu0SzyyCyDtN1L2XzutAtFtDtFtCyDtFtCtN1L1Czu1N1C2X1V1T1Q1JyE1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StCtCzztD0AyE0C0AtGyDyD0AyBtG0EyC0DyDtGyCzy0FtBtGyEyD0BtDyC0F0EzztA0A0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AyCyEyEyE0DtCtGtAyCyD0DtGyEyB0E0FtG0A0DyCyDtGyByC0FtB0A0FyDyEyB0ByC0F2Q&cr=1951159974&ir=
[C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1413021909&from=tugs&uid=WDCXWD5000BEVT-22A0RT0_WD-WXV1E40WJW38WJW38&q={searchTerms}
*************************
AdwCleaner[R0].txt - [16392 Bytes] - [26/08/2014 17:43:22]
AdwCleaner[R1].txt - [17776 Bytes] - [26/08/2014 17:50:09]
AdwCleaner[R2].txt - [5603 Bytes] - [29/05/2015 18:51:55]
AdwCleaner[S0].txt - [372 Bytes] - [26/08/2014 17:49:13]
AdwCleaner[S1].txt - [14431 Bytes] - [26/08/2014 17:50:43]
AdwCleaner[S2].txt - [5393 Bytes] - [29/05/2015 18:53:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5452 Bytes] ##########
3. JRT.txt Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by dermauel on 29.05.2015 at 18:58:36,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update App Bud
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SunriseBrowse
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util SunriseBrowse
~~~ Files
Successfully deleted: [File] C:\Users\dermauel\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com
Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Users\dermauel\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\dermauel\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\dermauel\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\dermauel\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\dermauel\appdata\local\google\chrome\user data\default\local storage\https_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\dermauel\appdata\local\google\chrome\user data\default\local storage\https_www.superfish.com_0.localstorage-journal
~~~ Folders
Successfully deleted: [Folder] C:\Users\dermauel\appdata\local\com
~~~ Chrome
[C:\Users\dermauel\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\dermauel\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\dermauel\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\dermauel\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.05.2015 at 19:03:53,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. Das frische FRST.log Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by dermauel (administrator) on DERMAUEL-PC on 29-05-2015 19:04:59
Running from C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads
Loaded Profiles: dermauel (Available Profiles: dermauel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-16] (SUPERAntiSpyware)
HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Run: [Spotify Web Helper] => C:\Users\dermauel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-15] (Spotify Ltd)
Startup: C:\Users\dermauel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000 -> {3A61CA71-E5DB-4CFB-990F-BB9C6913C26A} URL = https://www.google.com/search?q={searchTerms}
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1760913815-1977244394-2032619341-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-1760913815-1977244394-2032619341-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dermauel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-07-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013-07-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-07-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-07-15]
FF HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-15]
Chrome:
=======
CHR Profile: C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [ildldcbkkbkhnjghnbidklpepakbepnd] - C:\Users\dermauel\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-05-16] (SUPERAntiSpyware.com)
S2 DeviceMonitorService; C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [87336 2010-08-06] (Nero AG)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-17] (WildTangent)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2014-01-28] ()
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2011-03-24] (Jungo)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-29 19:03 - 2015-05-29 19:03 - 00003222 _____ () C:\Users\dermauel\Desktop\JRT.txt
2015-05-29 18:58 - 2015-05-29 18:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DERMAUEL-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-29 18:58 - 2015-05-29 18:58 - 00000000 ____D () C:\RegBackup
2015-05-29 18:56 - 2015-05-29 18:56 - 00002497 _____ () C:\Users\dermauel\Desktop\mbam.txt
2015-05-29 18:55 - 2015-05-29 18:55 - 00005556 _____ () C:\Users\dermauel\Desktop\AdwCleaner[S2].txt
2015-05-29 18:49 - 2015-05-29 18:49 - 00002497 _____ () C:\mbam.txt
2015-05-25 18:46 - 2015-05-25 18:46 - 00029102 _____ () C:\ComboFix.txt
2015-05-22 16:50 - 2015-05-25 13:23 - 00000000 ____D () C:\Users\dermauel\Desktop\mbar
2015-05-22 16:50 - 2015-05-25 13:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-21 14:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-21 14:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-21 14:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-21 14:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-21 14:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-21 14:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-21 14:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-21 14:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-21 14:45 - 2015-05-25 18:46 - 00000000 ____D () C:\Qoobox
2015-05-21 14:44 - 2015-05-21 15:43 - 00000000 ____D () C:\Windows\erdnt
2015-05-21 13:47 - 2015-05-21 13:47 - 00000000 ____D () C:\Users\dermauel\Documents\Fax
2015-05-18 19:40 - 2015-05-29 18:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 19:40 - 2015-05-25 11:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 19:40 - 2015-05-18 19:40 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-18 19:40 - 2015-05-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-18 19:40 - 2015-05-18 19:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-18 19:40 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 19:40 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-15 17:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 17:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 16:54 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 16:54 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-15 16:54 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-15 16:54 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-15 16:54 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-15 16:54 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-15 16:53 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-15 16:53 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-15 16:53 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-15 16:53 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-15 16:53 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-15 16:53 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-15 16:53 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-15 16:53 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-15 16:53 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-15 16:53 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-15 16:53 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-15 16:53 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-15 16:53 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-15 16:53 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-15 16:53 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-15 16:53 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-15 16:53 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-15 16:53 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-15 16:53 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-15 16:53 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-15 16:53 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-15 16:53 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-15 16:53 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-15 16:53 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-15 16:53 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-15 16:53 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-15 16:53 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-15 16:53 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-15 16:53 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-15 16:53 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-15 16:53 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-15 16:53 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-15 16:53 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-15 16:53 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-15 16:53 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-15 16:53 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-15 16:53 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-15 16:53 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-15 16:53 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-15 16:53 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-15 16:53 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-15 16:53 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-15 16:53 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-15 16:53 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-15 16:53 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-15 16:53 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-15 16:53 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-15 16:53 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-15 16:53 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-15 16:53 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-15 16:53 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-15 16:53 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-15 16:53 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-15 16:53 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-15 16:53 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-15 16:53 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-15 16:52 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-15 16:52 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-15 16:52 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-15 16:52 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-15 16:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 16:49 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-15 16:49 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-15 16:49 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-15 16:49 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-15 16:49 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-15 16:49 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-15 16:49 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-15 16:49 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-15 16:49 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-15 16:49 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-15 16:49 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-15 16:49 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-15 16:49 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-15 16:49 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-15 16:49 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-15 16:49 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-15 16:49 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-15 16:49 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-15 16:49 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-15 16:49 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-15 16:49 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-15 16:49 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-15 16:49 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-15 16:49 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-15 16:49 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-15 16:49 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-15 16:49 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-15 16:49 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-15 16:49 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-15 16:49 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-15 16:49 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-15 16:49 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-15 16:49 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-15 16:49 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-15 16:49 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-15 16:49 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-15 16:49 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-15 16:49 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-15 16:49 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-15 16:49 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-15 16:49 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-15 16:49 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-15 16:49 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-15 16:49 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-15 16:49 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-15 16:49 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-15 16:49 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-15 16:49 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-15 16:47 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 16:47 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 16:47 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-15 16:47 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 16:47 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-15 16:47 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-15 16:47 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-15 16:47 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-15 16:47 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-15 16:46 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-15 16:46 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-15 16:46 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-15 16:46 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-15 16:46 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-15 16:46 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-15 16:46 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-06 18:16 - 2015-05-06 18:16 - 00002071 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk
2015-05-06 18:15 - 2015-05-06 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-29 19:05 - 2014-05-14 16:50 - 00000000 ____D () C:\FRST
2015-05-29 18:59 - 2014-03-04 15:38 - 00000000 ____D () C:\Temp
2015-05-29 18:59 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 18:59 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 18:55 - 2014-08-22 16:29 - 00000000 ___RD () C:\Users\dermauel\Dropbox
2015-05-29 18:55 - 2014-08-22 16:26 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Dropbox
2015-05-29 18:55 - 2014-05-23 21:04 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-29 18:55 - 2013-06-11 18:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 18:55 - 2012-03-30 10:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-29 18:54 - 2014-08-18 18:34 - 00021667 _____ () C:\Windows\setupact.log
2015-05-29 18:54 - 2014-01-03 15:31 - 00000000 ____D () C:\Program Files (x86)\Motorola Media Link
2015-05-29 18:54 - 2010-10-19 18:11 - 01371407 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 18:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 18:53 - 2014-08-26 17:43 - 00000000 ____D () C:\AdwCleaner
2015-05-29 16:30 - 2013-06-11 18:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-29 16:25 - 2012-01-01 13:34 - 00001150 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000UA.job
2015-05-29 16:25 - 2012-01-01 13:34 - 00001128 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000Core.job
2015-05-29 16:19 - 2012-04-06 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-29 15:56 - 2013-12-04 19:58 - 00001007 _____ () C:\Windows\wiso.ini
2015-05-29 15:56 - 2012-02-24 20:47 - 00000836 _____ () C:\Windows\MyHeritage.INI
2015-05-28 22:05 - 2012-05-20 15:12 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Spotify
2015-05-28 21:36 - 2012-05-08 12:19 - 00000000 ____D () C:\Users\dermauel\Documents\Kompanie
2015-05-28 20:07 - 2012-05-20 15:12 - 00000000 ____D () C:\Users\dermauel\AppData\Local\Spotify
2015-05-26 22:00 - 2010-10-20 04:00 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2015-05-26 22:00 - 2010-10-20 04:00 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2015-05-26 22:00 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 18:50 - 2014-08-18 18:33 - 00169132 _____ () C:\Windows\PFRO.log
2015-05-25 18:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-25 18:26 - 2014-11-22 21:58 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-05-25 18:25 - 2011-02-22 20:27 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-21 16:08 - 2012-03-28 16:34 - 00000000 ____D () C:\ProgramData\Lexware
2015-05-21 15:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-21 15:01 - 2012-06-21 11:33 - 00000071 _____ () C:\Windows\iltwain.ini
2015-05-21 15:01 - 2011-03-13 22:35 - 00000000 ____D () C:\Users\dermauel\AppData\Local\CrashDumps
2015-05-21 15:01 - 2011-01-03 17:48 - 00000000 ____D () C:\Users\dermauel
2015-05-21 13:47 - 2013-03-14 18:05 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Audacity
2015-05-21 13:28 - 2015-04-04 23:43 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 13:28 - 2015-04-04 23:43 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-21 13:25 - 2013-06-11 18:26 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-21 13:25 - 2013-06-11 18:26 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 19:21 - 2014-08-16 15:39 - 00000000 ____D () C:\Program Files (x86)\F10DE075-EE9C-4182-AE10-C6767F4F23FB
2015-05-18 19:21 - 2012-06-14 10:37 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-05-18 19:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-16 12:26 - 2014-02-17 20:00 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Skype
2015-05-16 12:22 - 2012-04-13 14:55 - 00000000 ____D () C:\CareLink Data
2015-05-15 18:19 - 2009-07-14 06:45 - 00431120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 18:15 - 2010-09-08 05:25 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 18:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 18:14 - 2013-03-14 11:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 18:04 - 2011-02-22 20:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 18:02 - 2013-08-14 19:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 17:49 - 2011-01-04 22:34 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 17:40 - 2013-03-14 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 17:38 - 2013-03-14 11:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 16:55 - 2013-11-30 21:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 19:44 - 2012-04-24 12:20 - 00000000 ____D () C:\RSM Fire Protection
2015-05-09 11:52 - 2013-12-09 17:36 - 00000000 ____D () C:\Users\dermauel\Documents\Steuer-Sparbuch
2015-05-09 10:21 - 2014-08-22 16:29 - 00001041 _____ () C:\Users\dermauel\Desktop\Dropbox.lnk
2015-05-09 10:21 - 2014-08-22 16:28 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-06 18:53 - 2013-02-28 21:46 - 00000000 ____D () C:\Users\dermauel\Documents\Nagelstudio
2015-05-06 18:16 - 2013-12-04 19:58 - 00000000 ____D () C:\Users\dermauel\AppData\Local\Buhl
2015-05-06 18:11 - 2014-05-22 18:36 - 00000000 ____D () C:\Program Files (x86)\WISO
2015-05-06 18:11 - 2010-09-08 05:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-29 21:06 - 2012-06-14 15:13 - 00000144 _____ () C:\Windows\Pcfk32.INI
==================== Files in the root of some directories =======
2011-03-24 10:08 - 2011-03-24 10:08 - 0458752 ____R (Macromedia) C:\Program Files (x86)\Common Files\HHActiveX.dll
1997-09-04 01:00 - 1997-09-04 01:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msacc8.olb
2013-04-15 20:35 - 2013-04-15 20:35 - 0001181 _____ () C:\Users\dermauel\AppData\Roaming\trace_FilterInstaller.1.txt
2013-04-15 20:35 - 2014-01-28 18:44 - 0001181 _____ () C:\Users\dermauel\AppData\Roaming\trace_FilterInstaller.txt
2013-04-15 20:35 - 2014-01-28 18:44 - 0000000 _____ () C:\Users\dermauel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-08-23 14:22 - 2014-08-23 14:22 - 0000042 _____ () C:\Users\dermauel\AppData\Roaming\WB.CFG
2013-07-27 15:50 - 2013-07-27 15:50 - 0081582 _____ () C:\Users\dermauel\AppData\Roaming\zulagames.ico
2011-08-22 14:47 - 2012-01-18 18:50 - 0008192 _____ () C:\Users\dermauel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-21 16:44 - 2013-05-04 19:04 - 0004096 ____H () C:\Users\dermauel\AppData\Local\keyfile3.drm
2012-11-25 16:34 - 2013-04-23 19:03 - 0007608 _____ () C:\Users\dermauel\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
C:\Users\dermauel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6puxry.dll
C:\Users\dermauel\AppData\Local\Temp\Quarantine.exe
C:\Users\dermauel\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-18 18:49
==================== End of log ============================
Viele Grüße Ernst |
|
30.05.2015, 13:29
| #11 |
| /// the machine /// TB-Ausbilder | Laptop infiziert - Öffnet selbstständig Programme Und im Akkubetrieb macht sie das nicht? ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.06.2015, 07:52
| #12 |
| | Laptop infiziert - Öffnet selbstständig Programme Hallo schrauber, in den letzten Tagen lief der Rechner problemlos, im Netz- als auch im Akkubetrieb. Hier die Reports der durchgeführten Scans: 1. ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a00ace0f790dc1409451e89ebb4b752c
# engine=24128
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-02 10:30:36
# local_time=2015-06-02 12:30:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8998 184870886 0 0
# scanned=331240
# found=41
# cleaned=41
# scan_time=8222
sh=96A5AEBAF5A2C96B869168D409FAF54BC52F4BFB ft=1 fh=95a04965e73ede3e vn="Variante von Win64/Adware.Adpeak.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\005\cyycfhtzro64.exe.vir"
sh=96A5AEBAF5A2C96B869168D409FAF54BC52F4BFB ft=1 fh=95a04965e73ede3e vn="Variante von Win64/Adware.Adpeak.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\005\mtgaotushb64.exe.vir"
sh=15ED5B6C5946E85E7A5C77F4A7689E4E76CCBAFB ft=1 fh=c71c0011fe889422 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=8FF07C7F0E7320A1EB53CADD4D30D3154FF33BBA ft=1 fh=f622fe8cae001c0b vn="Win64/Thinknice.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=532A232C336AB1E5D65E829DFA191A71B96E2CC6 ft=1 fh=c71c001152b88659 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=9E99BBE4E9F6026A66DB442D589FF049D44E43E9 ft=1 fh=c71c001149569c6f vn="Win32/ELEX.AV evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=55B49E6175EC153F5F6D595F7E36CF04D61C70AC ft=1 fh=c71c0011122aac36 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=B1740CE6528491D6914E0015C836A3A8E31A28E9 ft=1 fh=667e6cf17acea18e vn="Win64/Thinknice.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=03DBFA1572019E6B0A7745CA443E74CCA8FEEFFD ft=1 fh=c71c0011e74d8dee vn="Win32/Thinknice.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=E3C659B9CAA4B5CFF2906CA02EB3F178906A2416 ft=1 fh=c71c00117f5fd915 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=8B488C388E304F78CA88312A651D07494469D292 ft=1 fh=8013085d4e45f122 vn="Win64/Thinknice.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=77918B0878255FC1383E41084977C8CF7CD463D9 ft=1 fh=c71c00119ea191b0 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=9D7F0A380FCBE50B89341D7A5D26315E9ACB8635 ft=1 fh=a9b27e445319a2b2 vn="Variante von Win32/DealPly.U evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\dermauel\AppData\Roaming\GroovorioUpdater\UpdateProc\UpdateTask.exe.vir"
sh=C3E2EEA43263CC610AA91F562ECE2B1562012BCA ft=1 fh=e62d3c9cdf00b1a7 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\dermauel\AppData\Roaming\OpenCandy\8B75E0139B9A423E9315288E0B8B12A0\Installer.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\dermauel\AppData\Roaming\OpenCandy\D225034159C34D869001CD591370440C\sp-downloader.exe.vir"
sh=1A278C9611A807BB4319B4DBC0CC28D5B61139E2 ft=1 fh=dc9029d19ecf454f vn="Win32/Systweak.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\dermauel\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=6A0A9783FFE1EE10D850173AA652325188FF37FF ft=1 fh=c71c0011414b9536 vn="Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\dermauel\AppData\Roaming\webssearches\UninstallManager.exe.vir"
sh=99414731D83EBD1177112CFE7E3D849C4DC156F5 ft=1 fh=fbdf85939d27573c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=0391D271C2C3AF46D507993CC39131582E6E4B79 ft=1 fh=c4af14683ef12df4 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\dermauel\AppData\Local\nsrBA8B.tmp.vir"
sh=D5D9758C54E41B424159647B7CA089A187107E4A ft=1 fh=9e0b256b1be5b88e vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\dermauel\AppData\Local\nsxBA51.tmp.vir"
sh=CB72EEB701FC64CC55FEB3C3D0B7E6845B9AA277 ft=1 fh=e835e30ffd8f9fcd vn="Variante von Win32/SoftPulse.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\AppData\Local\Apps\2.0\ANE7T020.EMB\V06AAN5P.JAN\setu...app_a8b431e3b5fb2f30_0001.0000_6912c1bc5b4a55c3\SetupWizard.exe"
sh=CB72EEB701FC64CC55FEB3C3D0B7E6845B9AA277 ft=1 fh=e835e30ffd8f9fcd vn="Variante von Win32/SoftPulse.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\AppData\Local\Apps\2.0\ANE7T020.EMB\V06AAN5P.JAN\setup.exe_a8b431e3b5fb2f30_0001.0000_none_e5b986ec793d7650\SetupWizard.exe"
sh=C4A032CA940C5E677177684539B7E1ADEF782A05 ft=1 fh=dc16f5cc5e1db2c8 vn="Variante von Win32/SoftPulse.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSMX2QSM\New_Player[1].exe"
sh=CA02BC53C7A632F2A4126FE81BB8E69427ECD2AC ft=1 fh=d9acd49da1a7e3bd vn="Win32/Adware.RK.AO.Gen Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\audiocutter.exe"
sh=37B8BADA7B8FD73D49D8C3A22D076DE8848D5AA4 ft=1 fh=a95c522b9518fb51 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\flashplayerpro-setup (1).exe"
sh=F51EB5B65B4152D54643A75DC3BCC6F84BB38133 ft=1 fh=1a5913409518fb51 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\flashplayerpro-setup (2).exe"
sh=F51EB5B65B4152D54643A75DC3BCC6F84BB38133 ft=1 fh=1a5913409518fb51 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\flashplayerpro-setup.exe"
sh=CC1C8AC0F4CE59ACF47A476FCEE4B0C319DE855B ft=1 fh=eb42f37c4ada50a6 vn="Win32/DownWare.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\FMPDFJPG2.32.exe"
sh=99B92ACE7C1970AF5AD60D1E74B60B5C011F6BEB ft=1 fh=ed69c0f9a7faed74 vn="Win32/DownWare.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\FotoMorphV13Setup.exe"
sh=D9D3631285035EE95840031A931969A8EEE900E9 ft=1 fh=dac6f1d6fc5ff2d0 vn="Win32/Somoto.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe"
sh=CD2BC89E85CD7520A0B507D44BB1CD8CD7566B5F ft=1 fh=9db60c75e0f28fb0 vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\m4a-to-mp3-converter_CB-DL-Manager.exe"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\MyPhoneExplorer_1.8.5 (1).exe"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\MyPhoneExplorer_1.8.5.exe"
sh=6D8BF1383B7A86DC05F45BB6AAEE19930A644816 ft=1 fh=d94f8b816325e7b0 vn="Win32/InstallCore.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\PDFConverterSetup.exe"
sh=5F1AC74B3D6627825DB2BA58EE185BD36BA326C9 ft=1 fh=63070db64e8e88e4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\strippokerforfree.exe"
Code:
ATTFilter Results of screen317's Security Check version 1.002 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 31 Java version 32-bit out of Date! Adobe Flash Player 17.0.0.169 Adobe Reader XI Google Chrome (43.0.2357.65) Google Chrome (43.0.2357.81) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by dermauel (administrator) on DERMAUEL-PC on 03-06-2015 08:45:52 Running from C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads Loaded Profiles: dermauel (Available Profiles: dermauel) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Nero AG) C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Spotify Ltd) C:\Users\dermauel\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\dermauel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Farbar) C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.) HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-16] (SUPERAntiSpyware) HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Run: [Spotify Web Helper] => C:\Users\dermauel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-15] (Spotify Ltd) Startup: C:\Users\dermauel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-29] ShortcutTarget: Dropbox.lnk -> C:\Users\dermauel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dermauel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000 -> {3A61CA71-E5DB-4CFB-990F-BB9C6913C26A} URL = https://www.google.com/search?q={searchTerms} BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation) Toolbar: HKU\S-1-5-21-1760913815-1977244394-2032619341-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1760913815-1977244394-2032619341-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin HKU\S-1-5-21-1760913815-1977244394-2032619341-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dermauel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-07-15] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013-07-15] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-07-15] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-07-15] FF HKU\S-1-5-21-1760913815-1977244394-2032619341-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-15] Chrome: ======= CHR Profile: C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bookmark Manager) - C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\dermauel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM-x32\...\Chrome\Extension: [ildldcbkkbkhnjghnbidklpepakbepnd] - C:\Users\dermauel\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-05-16] (SUPERAntiSpyware.com) R2 DeviceMonitorService; C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [87336 2010-08-06] (Nero AG) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-17] (WildTangent) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.) R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2014-01-28] () R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2011-03-24] (Jungo) S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 08:42 - 2015-06-03 08:42 - 00000963 _____ () C:\Users\dermauel\Desktop\checkup.txt 2015-05-29 18:58 - 2015-05-29 18:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DERMAUEL-PC-Windows-7-Home-Premium-(64-bit).dat 2015-05-29 18:58 - 2015-05-29 18:58 - 00000000 ____D () C:\RegBackup 2015-05-29 18:49 - 2015-05-29 18:49 - 00002497 _____ () C:\mbam.txt 2015-05-25 18:46 - 2015-05-25 18:46 - 00029102 _____ () C:\ComboFix.txt 2015-05-22 16:50 - 2015-05-25 13:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-21 14:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-21 14:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-05-21 14:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-21 14:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-21 14:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-21 14:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-21 14:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-21 14:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-21 14:45 - 2015-05-25 18:46 - 00000000 ____D () C:\Qoobox 2015-05-21 14:44 - 2015-05-21 15:43 - 00000000 ____D () C:\Windows\erdnt 2015-05-21 13:47 - 2015-05-21 13:47 - 00000000 ____D () C:\Users\dermauel\Documents\Fax 2015-05-18 19:40 - 2015-06-03 08:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-18 19:40 - 2015-05-25 11:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-18 19:40 - 2015-05-18 19:40 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-18 19:40 - 2015-05-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-18 19:40 - 2015-05-18 19:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-18 19:40 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-18 19:40 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-15 17:40 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-15 17:40 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-15 16:54 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-15 16:54 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-15 16:54 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-15 16:54 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-15 16:54 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-15 16:54 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-15 16:53 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-15 16:53 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-15 16:53 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-15 16:53 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-15 16:53 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-15 16:53 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-15 16:53 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-15 16:53 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-15 16:53 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-15 16:53 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-15 16:53 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-15 16:53 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-15 16:53 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-15 16:53 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-15 16:53 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-15 16:53 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-15 16:53 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-15 16:53 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-15 16:53 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-15 16:53 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-15 16:53 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-15 16:53 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-15 16:53 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-15 16:53 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-15 16:53 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-15 16:53 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-15 16:53 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-15 16:53 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-15 16:53 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-15 16:53 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-15 16:53 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-15 16:53 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-15 16:53 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-15 16:53 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-15 16:53 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-15 16:53 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-15 16:53 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-15 16:53 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-15 16:53 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-15 16:53 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-15 16:53 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-15 16:53 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-15 16:53 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-15 16:53 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-15 16:53 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-15 16:53 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-15 16:53 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-15 16:53 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-15 16:53 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-15 16:53 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-15 16:53 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-15 16:53 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-15 16:53 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-15 16:53 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-15 16:53 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-15 16:53 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-15 16:52 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-15 16:52 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-15 16:52 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-15 16:52 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-15 16:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-15 16:49 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-15 16:49 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-15 16:49 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-15 16:49 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-15 16:49 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-15 16:49 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-15 16:49 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-15 16:49 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-15 16:49 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-15 16:49 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-15 16:49 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-15 16:49 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-15 16:49 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-15 16:49 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-15 16:49 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-15 16:49 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-15 16:49 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-15 16:49 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-15 16:49 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-15 16:49 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-15 16:49 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-15 16:49 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-15 16:49 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-15 16:49 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-15 16:49 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-15 16:49 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-15 16:49 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-15 16:49 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-15 16:49 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-15 16:47 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-15 16:47 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-15 16:47 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-15 16:47 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-15 16:47 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-15 16:47 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-15 16:47 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-15 16:47 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-15 16:47 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-15 16:46 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-15 16:46 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-15 16:46 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-15 16:46 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-15 16:46 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-15 16:46 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-15 16:46 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-06 18:16 - 2015-05-06 18:16 - 00002071 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk 2015-05-06 18:15 - 2015-05-06 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 08:45 - 2014-05-14 16:50 - 00000000 ____D () C:\FRST 2015-06-03 08:40 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-03 08:40 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-03 08:32 - 2014-08-22 16:29 - 00000000 ___RD () C:\Users\dermauel\Dropbox 2015-06-03 08:32 - 2014-08-22 16:26 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Dropbox 2015-06-03 08:32 - 2014-08-18 18:34 - 00021835 _____ () C:\Windows\setupact.log 2015-06-03 08:32 - 2014-05-23 21:04 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-06-03 08:32 - 2014-03-04 15:38 - 00000000 ____D () C:\Temp 2015-06-03 08:32 - 2014-01-03 15:31 - 00000000 ____D () C:\Program Files (x86)\Motorola Media Link 2015-06-03 08:32 - 2013-06-11 18:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-03 08:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-06-03 08:31 - 2014-08-18 18:33 - 00169950 _____ () C:\Windows\PFRO.log 2015-06-02 14:06 - 2010-10-19 18:11 - 01481544 _____ () C:\Windows\WindowsUpdate.log 2015-06-02 13:30 - 2013-06-11 18:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-02 13:25 - 2012-01-01 13:34 - 00001150 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000UA.job 2015-06-02 13:19 - 2012-04-06 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-02 10:11 - 2010-10-20 04:00 - 00703230 _____ () C:\Windows\system32\perfh007.dat 2015-06-02 10:11 - 2010-10-20 04:00 - 00150838 _____ () C:\Windows\system32\perfc007.dat 2015-06-02 10:11 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-06-02 09:50 - 2012-03-30 10:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2015-05-31 16:25 - 2012-01-01 13:34 - 00001128 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1760913815-1977244394-2032619341-1000Core.job 2015-05-29 18:53 - 2014-08-26 17:43 - 00000000 ____D () C:\AdwCleaner 2015-05-29 15:56 - 2013-12-04 19:58 - 00001007 _____ () C:\Windows\wiso.ini 2015-05-29 15:56 - 2012-02-24 20:47 - 00000836 _____ () C:\Windows\MyHeritage.INI 2015-05-28 22:05 - 2012-05-20 15:12 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Spotify 2015-05-28 21:36 - 2012-05-08 12:19 - 00000000 ____D () C:\Users\dermauel\Documents\Kompanie 2015-05-28 20:07 - 2012-05-20 15:12 - 00000000 ____D () C:\Users\dermauel\AppData\Local\Spotify 2015-05-25 18:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-25 18:26 - 2014-11-22 21:58 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2015-05-25 18:25 - 2011-02-22 20:27 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-05-21 16:08 - 2012-03-28 16:34 - 00000000 ____D () C:\ProgramData\Lexware 2015-05-21 15:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-05-21 15:01 - 2012-06-21 11:33 - 00000071 _____ () C:\Windows\iltwain.ini 2015-05-21 15:01 - 2011-03-13 22:35 - 00000000 ____D () C:\Users\dermauel\AppData\Local\CrashDumps 2015-05-21 15:01 - 2011-01-03 17:48 - 00000000 ____D () C:\Users\dermauel 2015-05-21 13:47 - 2013-03-14 18:05 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Audacity 2015-05-21 13:28 - 2015-04-04 23:43 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-05-21 13:28 - 2015-04-04 23:43 - 00000000 ___SD () C:\Windows\system32\GWX 2015-05-21 13:25 - 2013-06-11 18:26 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-21 13:25 - 2013-06-11 18:26 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-18 19:21 - 2014-08-16 15:39 - 00000000 ____D () C:\Program Files (x86)\F10DE075-EE9C-4182-AE10-C6767F4F23FB 2015-05-18 19:21 - 2012-06-14 10:37 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2015-05-18 19:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-16 12:26 - 2014-02-17 20:00 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Skype 2015-05-16 12:22 - 2012-04-13 14:55 - 00000000 ____D () C:\CareLink Data 2015-05-15 18:19 - 2009-07-14 06:45 - 00431120 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-15 18:15 - 2010-09-08 05:25 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-15 18:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-15 18:14 - 2013-03-14 11:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-15 18:04 - 2011-02-22 20:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-15 18:02 - 2013-08-14 19:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-15 17:49 - 2011-01-04 22:34 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-15 17:40 - 2013-03-14 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-15 17:38 - 2013-03-14 11:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-15 16:55 - 2013-11-30 21:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-12 19:44 - 2012-04-24 12:20 - 00000000 ____D () C:\RSM Fire Protection 2015-05-09 11:52 - 2013-12-09 17:36 - 00000000 ____D () C:\Users\dermauel\Documents\Steuer-Sparbuch 2015-05-09 10:21 - 2014-08-22 16:29 - 00001041 _____ () C:\Users\dermauel\Desktop\Dropbox.lnk 2015-05-09 10:21 - 2014-08-22 16:28 - 00000000 ____D () C:\Users\dermauel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-06 18:53 - 2013-02-28 21:46 - 00000000 ____D () C:\Users\dermauel\Documents\Nagelstudio 2015-05-06 18:16 - 2013-12-04 19:58 - 00000000 ____D () C:\Users\dermauel\AppData\Local\Buhl 2015-05-06 18:11 - 2014-05-22 18:36 - 00000000 ____D () C:\Program Files (x86)\WISO 2015-05-06 18:11 - 2010-09-08 05:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information ==================== Files in the root of some directories ======= 2011-03-24 10:08 - 2011-03-24 10:08 - 0458752 ____R (Macromedia) C:\Program Files (x86)\Common Files\HHActiveX.dll 1997-09-04 01:00 - 1997-09-04 01:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msacc8.olb 2013-04-15 20:35 - 2013-04-15 20:35 - 0001181 _____ () C:\Users\dermauel\AppData\Roaming\trace_FilterInstaller.1.txt 2013-04-15 20:35 - 2014-01-28 18:44 - 0001181 _____ () C:\Users\dermauel\AppData\Roaming\trace_FilterInstaller.txt 2013-04-15 20:35 - 2014-01-28 18:44 - 0000000 _____ () C:\Users\dermauel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2014-08-23 14:22 - 2014-08-23 14:22 - 0000042 _____ () C:\Users\dermauel\AppData\Roaming\WB.CFG 2013-07-27 15:50 - 2013-07-27 15:50 - 0081582 _____ () C:\Users\dermauel\AppData\Roaming\zulagames.ico 2011-08-22 14:47 - 2012-01-18 18:50 - 0008192 _____ () C:\Users\dermauel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-07-21 16:44 - 2013-05-04 19:04 - 0004096 ____H () C:\Users\dermauel\AppData\Local\keyfile3.drm 2012-11-25 16:34 - 2013-04-23 19:03 - 0007608 _____ () C:\Users\dermauel\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\dermauel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegz2zg.dll C:\Users\dermauel\AppData\Local\Temp\Quarantine.exe C:\Users\dermauel\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-31 19:01 ==================== End of log ============================ Viele Grüße Ernst |
|
03.06.2015, 19:46
| #13 |
| /// the machine /// TB-Ausbilder | Laptop infiziert - Öffnet selbstständig Programme Java updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\dermauel\AppData\Local\Apps\2.0\ANE7T020.EMB\V06AAN5P.JAN\setu...app_a8b431e3b5fb2f30_0001.0000_6912c1bc5b4a55c3\SetupWizard.exe
C:\Users\dermauel\AppData\Local\Apps\2.0\ANE7T020.EMB\V06AAN5P.JAN\setup.exe_a8b431e3b5fb2f30_0001.0000_none_e5b986ec793d7650\SetupWizard.exe
C:\Users\dermauel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSMX2QSM\New_Player[1].exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\audiocutter.exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\flashplayerpro-setup (1).exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\flashplayerpro-setup (2).exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\flashplayerpro-setup.exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\FMPDFJPG2.32.exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\FotoMorphV13Setup.exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\m4a-to-mp3-converter_CB-DL-Manager.exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\MyPhoneExplorer_1.8.5 (1).exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\MyPhoneExplorer_1.8.5.exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\PDFConverterSetup.exe
C:\Users\dermauel\Documents\Steuer-Sparbuch\2014\Downloads\strippokerforfree.exe
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Laptop infiziert - Öffnet selbstständig Programme |
| arten, bereinige, bereinigen, besucher, einiger, ferngesteuert, hartnäckige, hartnäckigen, infiziert, laptop, maus, problem, programm, programme, selbstständig, sofort, start, starte, starten, öffnet |
Linear-Darstellung
