Log analysis and evaluation: Telekom letter Zeus/Zbot
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.05.2015, 09:45 | #1 |
Telekom letter Zeus/Zbot

Good morning,

I have the following problem: Recently a letter from Telekom was in my mailbox stating that a PC in my network is infected with the Zeus/Zbot trojan. It also mentioned that this trojan can be located and removed with the EUcleaner (HitmanPro) from botfrei.de/telekom.

I live in a shared flat with 2 other people, so the machines in question would be:
My laptop (Win7, Avira & MBAM & Lubuntu 14.10)
My desktop (Win8.1, avast & MBAM & Lubuntu 14.10)
2 laptops belonging to my flatmates (both Win 7 with Avira)
+ smartphones & tablets

Unfortunately, the tool HitmanPro recommended by Telekom found nothing apart from a few tracking cookies, on none of the laptops/PCs.

My laptop has meanwhile also been showing strange behaviour in Win7. I still have Avira AntiVir Free, which according to the control center is supposedly active, but I cannot run any scans; an error message appears saying that I do not have the required permissions to access avscan.exe.

The Telekom letter further recommends that I change all passwords for e-mail accounts and even the internet password used for dialing in.

How should I proceed? My flatmates and I have of course stopped all sensitive activities (online banking, online purchases, ...).

I look forward to your help.

Best regards
Michael
24.05.2015, 09:47 | #2 |
/// TB instructor | Telekom letter Zeus/Zbot

My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! We'll start with one of your machines. For the initial analysis, please run FRST and TDSS-Killer:

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)

Step 2
Please download TDSSKiller.exe and save this file on the desktop

Please post with your next reply
24.05.2015, 09:48 | #3 |
Telekom letter Zeus/Zbot

Here are a few more logs:

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:18 on 23/05/2015 (Michael)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Michael (administrator) on MICHAEL-LAPTOP on 23-05-2015 17:20:40
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 & (Available Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Juniper Networks, Inc.)
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor) HKLM-x32\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor) HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated) HKLM-x32\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.) HKLM-x32\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-10-18] (Motorola Solutions, Inc.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172016 2014-04-09] (Intel Corporation) HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399856 2014-04-09] (Intel Corporation) HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [442352 2014-04-09] (Intel Corporation) HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-24] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: E - E:\wubi.exe HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {233f92e5-4f25-11e3-a1ba-4ceb424e2b21} - F:\LaunchU3.exe -a HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {58fdc2f7-67d4-11e3-a298-4ceb424e2b21} - E:\wubi.exe HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {5cd36e32-34d7-11e3-897d-806e6f6e6963} - D:\autoRcd.exe HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {5f7174cc-34db-11e3-885c-806e6f6e6963} - D:\wubi.exe HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {bd8fa51f-a0d6-11e3-9f05-4ceb424e2b21} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\wubi.exe HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {233f92e5-4f25-11e3-a1ba-4ceb424e2b21} - F:\LaunchU3.exe -a HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {58fdc2f7-67d4-11e3-a298-4ceb424e2b21} - E:\wubi.exe HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5cd36e32-34d7-11e3-897d-806e6f6e6963} - D:\autoRcd.exe HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: 
{5f7174cc-34db-11e3-885c-806e6f6e6963} - D:\wubi.exe HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bd8fa51f-a0d6-11e3-9f05-4ceb424e2b21} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166616 2014-09-10] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146528 2014-09-10] (NVIDIA Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-18] ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> 
{C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => 
C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1041102655-3613075563-312560558-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> 
{F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1041102655-3613075563-312560558-1000 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} 
https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google 
Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-01-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-10] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-10] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Extension: Avira Browser Safety - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\abs@avira.com [2015-04-29] FF Extension: Selenium IDE: C# Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\csharpformatters@seleniumhq.org.xpi [2014-02-18] FF Extension: Firebug - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-11] FF Extension: Selenium IDE: Java Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\javaformatters@seleniumhq.org.xpi [2014-02-18] FF Extension: Selenium IDE: Python Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\pythonformatters@seleniumhq.org.xpi [2014-02-18] FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\rubyformatters@seleniumhq.org.xpi [2014-02-18] FF Extension: ProxTube - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-29] FF Extension: Selenium IDE - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2014-02-18] FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-14] FF Extension: Fox!Box - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2013-10-27] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 
11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-17] Chrome: ======= CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-24] CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24] CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24] CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-08] CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24] CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-19] CHR Extension: (Avira Browser Safety) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-20] CHR Extension: (Bookmark Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16] CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-24] CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24] CHR HKLM-x32\...\Chrome\Extension: 
[efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-10-15] (Adobe Systems) [] S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation) R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [] S2 HitmanPro37CrusaderBoot; F:\HitmanPro_x64 (1).exe [11024496 2015-05-23] (SurfRight B.V.) 
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18955552 2014-07-24] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) []
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
S4 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [994064 2011-09-15] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-18] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300352 2014-09-10] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S3 US800_01; C:\Windows\System32\DRIVERS\US800Wdm.sys [36440 2011-01-08] ()
S3 US800_AA; C:\Windows\System32\DRIVERS\US800Drv.sys [90200 2011-01-08] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 15:59 - 2015-05-10 22:16 - 00000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-06-07 09:38 - 2015-06-07 09:39 - 00524288 _____ (Simon Tatham) C:\Users\Michael\Desktop\putty.exe
2015-06-06 17:11 - 2015-06-06 17:11 - 00689051 _____ () C:\Users\Michael\Documents\VisualBoyAdvance-1.8.0-beta3.zip
2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D () C:\Users\Michael\Desktop\gbx
2015-06-06 17:09 - 2015-06-06 17:09 - 00303558 _____ () C:\Users\Michael\Documents\Zelda - Links Awakening (D).zip
2015-05-23 17:20 - 2015-05-23 17:20 - 00032626 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-05-23 17:20 - 2015-05-23 17:20 - 00000000 ____D () C:\FRST
2015-05-23 17:19 - 2015-05-23 17:19 - 02108416 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-05-23 17:18 - 2015-05-23 17:18 - 00050477 _____ () C:\Users\Michael\Documents\Defogger.exe
2015-05-23 17:18 - 2015-05-23 17:18 - 00000546 _____ () C:\Users\Michael\Documents\defogger_disable.log
2015-05-23 17:18 - 2015-05-23 17:18 - 00000168
_____ () C:\Users\Michael\defogger_reenable 2015-05-23 16:46 - 2015-05-23 16:46 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2015-05-23 16:46 - 2015-05-23 16:46 - 00004908 _____ () C:\Windows\system32\.crusader 2015-05-23 16:37 - 2015-05-23 16:46 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-05-19 00:43 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-19 00:43 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-18 23:41 - 2015-05-18 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-18 23:01 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-18 23:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-18 23:01 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-18 23:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-18 23:01 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-18 23:01 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-18 23:01 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-18 23:01 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-18 23:01 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-18 23:01 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-18 23:01 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-18 23:01 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2015-05-18 23:01 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-18 23:01 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-18 23:01 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-18 23:01 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-18 23:01 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-18 23:01 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-18 23:01 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-18 23:01 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-18 23:01 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-18 23:01 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-18 23:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-18 23:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-18 23:01 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-18 23:01 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-18 23:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-18 23:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-18 23:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-18 23:01 - 2015-04-21 18:09 - 00341504 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-18 23:01 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-18 23:01 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-18 23:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-18 23:01 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-18 23:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-18 23:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-18 23:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-18 23:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-18 23:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-18 23:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-18 23:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-18 23:01 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-18 23:01 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-18 23:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-18 23:01 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-18 23:01 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-18 23:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-18 23:01 - 2015-04-21 17:40 - 14401536 _____ 
(Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-18 23:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-18 23:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-18 23:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-18 23:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-18 23:01 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-18 23:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-18 23:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-18 23:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-18 23:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-18 23:01 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-18 23:01 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-18 23:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-18 23:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-18 23:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-18 23:01 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-18 23:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-18 23:00 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-18 22:59 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) 
C:\Windows\system32\ntoskrnl.exe 2015-05-18 22:59 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-18 22:59 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-18 22:59 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) 
C:\Windows\system32\sspicli.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-18 22:59 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-18 
22:59 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-18 22:59 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-18 22:59 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-18 22:59 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-18 22:59 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-18 22:59 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-18 22:59 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-18 22:59 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00082944 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-18 22:59 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-18 22:59 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-18 22:59 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-18 22:59 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-18 22:59 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-18 22:59 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-18 22:59 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-18 22:59 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 
2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-18 22:59 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-18 22:59 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-18 22:59 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-18 22:59 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-18 22:59 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-18 22:59 - 2015-04-20 04:56 - 01250816 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-18 22:59 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-18 22:59 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-18 22:59 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-18 22:59 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-18 22:59 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-18 22:59 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-18 22:59 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-18 22:59 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-18 22:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-18 22:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-18 22:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-18 22:59 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-18 22:59 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-18 22:59 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-18 22:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-10 19:58 - 2015-05-10 19:58 - 00088064 _____ () C:\Users\Michael\Documents\KIT_Bericht_farbig.dot 2015-05-03 13:50 - 2015-05-03 13:50 - 00000000 __SHD () C:\found.000 2015-04-29 21:46 - 2015-04-29 21:52 - 136308332 _____ () C:\Users\Michael\Documents\ClappLend_MicrosoftAvi_720x480.avi 2015-04-29 21:43 - 2015-04-29 
21:44 - 102627328 _____ () C:\Users\Michael\Documents\ClappLend720p25.mpg 2015-04-29 20:59 - 2015-04-29 21:02 - 438235520 _____ () C:\Users\Michael\Documents\ClappLendH264_1080i25.m2t 2015-04-29 20:59 - 2015-04-29 21:02 - 00106196 _____ () C:\Users\Michael\Documents\ClappLendH264_1080i25.m2t.xmpses 2015-04-29 19:30 - 2015-04-29 19:33 - 438235520 _____ () C:\Users\Michael\Documents\Unbenannt.m2t 2015-04-29 19:30 - 2015-04-29 19:33 - 00106196 _____ () C:\Users\Michael\Documents\Unbenannt.m2t.xmpses 2015-04-29 19:18 - 2015-04-29 19:18 - 00285487 _____ () C:\Users\Michael\Downloads\H264_presets.zip 2015-04-29 19:18 - 2015-04-29 19:18 - 00000000 ____D () C:\Users\Michael\Downloads\H264_presets 2015-04-29 19:11 - 2015-04-29 19:13 - 42096984 _____ (Apple Inc.) C:\Users\Michael\Downloads\QuickTimeInstaller(1).exe 2015-04-29 18:53 - 2015-04-29 18:56 - 00000000 _____ () C:\Users\Michael\Documents\Unbenannt.avi 2015-04-29 18:05 - 2015-04-29 18:06 - 608648700 _____ () C:\Users\Michael\Documents\ClappLend720x576DVPAL25.avi 2015-04-29 17:42 - 2015-04-29 17:48 - 136554112 _____ () C:\Users\Michael\Documents\ClappLend720x480MicrosoftAvi.avi 2015-04-29 11:47 - 2015-04-29 11:48 - 42096984 _____ (Apple Inc.) 
C:\Users\Michael\Downloads\QuickTimeInstaller.exe
2015-04-29 11:43 - 2015-04-29 11:45 - 25716682 _____ () C:\Users\Michael\Documents\ClappLend720x480avi2997.avi
2015-04-28 22:42 - 2015-04-28 22:43 - 103688192 _____ () C:\Users\Michael\Documents\Preview.mpg
2015-04-28 22:07 - 2015-04-28 22:08 - 103694336 _____ () C:\Users\Michael\Documents\OhneLogoTausch.mpg
2015-04-28 18:40 - 2015-04-28 18:40 - 00000000 ____D () C:\Users\Michael\Documents\Promovideo
2015-04-28 18:29 - 2015-04-28 18:30 - 101259264 _____ () C:\Users\Michael\Documents\Unbenannt.mpg
2015-04-23 23:34 - 2015-04-23 23:34 - 00000000 ____D () C:\IPCamRecord
2015-04-23 23:26 - 2015-04-23 23:27 - 01154728 _____ ( ) C:\Users\Michael\Documents\IPCWebComponents.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 12:14 - 2014-03-10 17:55 - 00001029 _____ () C:\Users\Michael\Desktop\Dropbox.lnk
2015-06-07 12:14 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-23 17:18 - 2013-10-14 15:51 - 00000000 ____D () C:\Users\Michael
2015-05-23 17:09 - 2013-10-14 18:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 17:07 - 2014-01-24 14:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 17:05 - 2014-06-10 10:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:04 - 2015-01-20 08:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-23 17:04 - 2014-06-10 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-23 17:04 - 2014-06-10 10:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-23 16:56 - 2009-07-14 06:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 16:56 - 2009-07-14 06:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 16:52 - 2013-10-14 15:51 - 01707079 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 16:51 - 2014-01-06 12:32 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2015-05-23 16:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-23 16:47 - 2014-04-29 21:51 - 00000000 ____D () C:\ProgramData\VMware
2015-05-23 16:47 - 2014-03-10 17:55 - 00000000 ___RD () C:\Users\Michael\Dropbox
2015-05-23 16:47 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2015-05-23 16:47 - 2014-01-24 14:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 16:47 - 2013-11-05 17:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\TSVNCache
2015-05-23 16:47 - 2013-10-14 16:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-23 16:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 16:47 - 2009-07-14 06:51 - 00029070 _____ () C:\Windows\setupact.log
2015-05-23 16:12 - 2013-10-14 17:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2015-05-23 15:47 - 2013-10-14 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 11:12 - 2013-10-14 23:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2015-05-22 10:09 - 2014-01-24 14:10 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 19:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-21 18:30 - 2013-10-14 23:40 - 00000000 ____D () C:\ProgramData\Skype
2015-05-21 09:49 - 2015-04-06 23:08 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 09:49 - 2015-04-06 23:08 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 07:38 - 2009-07-14 06:45 - 04892952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-19 07:37 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-19 07:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-19 00:51 - 2013-10-29 02:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-19 00:51 - 2013-10-15 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-19 00:44 - 2013-10-29 02:26 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-19 00:43 - 2013-11-10 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-19 00:42 - 2013-11-10 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-19 00:42 - 2013-11-10 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 23:02 - 2014-01-24 14:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 23:02 - 2014-01-24 14:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-10 22:55 - 2015-04-02 18:48 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\aacs
2015-05-05 11:16 - 2013-10-14 16:49 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 11:16 - 2013-10-14 16:49 - 00132120 _____ (Avira Operations GmbH & Co.
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-05 11:16 - 2013-10-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-29 21:21 - 2013-10-15 10:49 - 00035997 _____ () C:\Windows\system32\DICoInst64.log 2015-04-28 19:35 - 2013-10-14 17:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Adobe 2015-04-28 18:36 - 2013-10-14 18:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc 2015-04-23 23:39 - 2014-04-30 00:16 - 00000000 ____D () C:\Users\Michael\Desktop\temp ==================== Files in the root of some directories ======= 2013-11-22 14:02 - 2013-11-22 14:02 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs 2014-06-20 11:31 - 2014-08-19 12:16 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs 2013-12-03 09:52 - 2013-12-03 09:52 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\pref.ga 2014-03-05 13:42 - 2014-05-28 12:06 - 0005120 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-07 15:59 - 2015-05-10 22:16 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2015-04-02 18:36 - 2015-04-02 18:36 - 0001829 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel 2013-10-14 18:27 - 2014-11-09 20:20 - 0007660 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Michael\AppData\Local\Temp\avgnt.exe C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxp4rrq.dll C:\Users\Michael\AppData\Local\Temp\GLF10B5.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFA99D.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFCA05.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFD702.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFDA0F.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFF107.tmp.exe C:\Users\Michael\AppData\Local\Temp\JavaRa.exe C:\Users\Michael\AppData\Local\Temp\jli.dll 
C:\Users\Michael\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-i586.exe C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-x64.exe C:\Users\Michael\AppData\Local\Temp\JuniperSetupClientInstaller.exe C:\Users\Michael\AppData\Local\Temp\keytool.exe C:\Users\Michael\AppData\Local\Temp\msvcr100.dll C:\Users\Michael\AppData\Local\Temp\neoNCSetup64.exe C:\Users\Michael\AppData\Local\Temp\node.exe C:\Users\Michael\AppData\Local\Temp\npp.6.5.5.Installer.exe C:\Users\Michael\AppData\Local\Temp\npp.6.6.9.Installer.exe C:\Users\Michael\AppData\Local\Temp\ose00000.exe C:\Users\Michael\AppData\Local\Temp\SIntf16.dll C:\Users\Michael\AppData\Local\Temp\SIntf32.dll C:\Users\Michael\AppData\Local\Temp\SIntfNT.dll C:\Users\Michael\AppData\Local\Temp\SkypeSetup.exe C:\Users\Michael\AppData\Local\Temp\sqlite3.exe C:\Users\Michael\AppData\Local\Temp\vlc-2.1.5-win32.exe C:\Users\Michael\AppData\Local\Temp\war3_Install.exe C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-06 01:54
==================== End of log ============================ |
24.05.2015, 09:49 | #4 |
| Telekom letter Zeus/Zbot Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Michael at 2015-05-23 17:21:10
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1041102655-3613075563-312560558-500 - Administrator - Disabled)
Gast (S-1-5-21-1041102655-3613075563-312560558-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1041102655-3613075563-312560558-1003 - Limited - Enabled)
Michael (S-1-5-21-1041102655-3613075563-312560558-1000 - Administrator - Enabled) => C:\Users\Michael
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) AACS Updater (HKLM-x32\...\AACS Updater) (Version: 1.0 - labDV) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe Audition 3.0 Vista Compatibility (HKLM\...\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb) (Version: - ) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated) Adobe Premiere Elements 9 Content (HKLM-x32\...\Adobe Premiere Elements 9 Content) (Version: 9.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. 
KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - Canon Inc.) 
CMake 3.0.2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.0.2) (Version: 3.0.2 - Kitware) Compona Controls v 1.0 (HKLM-x32\...\Compona Controls_is1) (Version: - Compona) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd) Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Dia (nur entfernen) (HKLM-x32\...\Dia) (Version: - ) Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dropbox (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) 
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH) Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation) Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation) Fantom-X Editor (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\InstallShield_{D7833BB9-9F94-462E-89ED-EDD1B12CA40A}) (Version: 2.10.0032 - Roland Corporation) Fantom-X Editor (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\InstallShield_{D7833BB9-9F94-462E-89ED-EDD1B12CA40A}) (Version: 2.10.0032 - Roland Corporation) Fantom-X Editor (x32 Version: 2.10.0032 - Roland Corporation) Hidden GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation) Gemeinsam genutzte Microsoft Azure-Komponenten für Visual Studio 2013 Sprachpaket (DEU) - v1.3 (x32 Version: 1.3.21014.1603 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel) IPCWebComponents 3.0.0.2 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.2 - ) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle) Juniper Networks Network Connect 7.0.0 (HKLM-x32\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18809 - Juniper Networks) Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.28485 - Juniper Networks) Juniper Networks 
Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.7.32691 - Juniper Networks) Juniper Networks Setup Client (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks) Juniper Networks Setup Client (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) Kit SDK de vérification de Visual Studio*2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.) 
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation) Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft Expression Blend 3 SDK (HKLM-x32\...\{B006B9E9-41DD-4479-9177-3743A53B7735}) (Version: 1.0.1343.0 - Microsoft Corporation) 
Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20621.0) (Version: 4.0.20621.0 - Microsoft Corporation) Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{0536BCDF-7EF6-48F6-8765-A3C065A065A5}) (Version: 2.0.20621.0 - Microsoft Corporation) Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}) (Version: 2.0.20621.0 - Microsoft Corporation) Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F21D2032-60FE-4729-9C87-46F1615FB965}) (Version: 4.0.1651.0 - Microsoft Corporation) Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20705.0) (Version: 4.0.20705.0 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation) Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and 
Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 
11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL-Sprachdienst (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM-x32\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (12.0.41012.0) (HKLM-x32\...\{79AB8378-D661-4021-9941-FE5F4AEB57BB}) (Version: 12.0.41012.0 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM-x32\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server*2014 Express LocalDB (HKLM\...\{CA191120-4CB1-4E3D-89B8-79FDB9017A2E}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server*2014 Management Objects (HKLM-x32\...\{4F4CB3E2-9D2F-465A-854B-8276B02F4E7D}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL 
Server*2014 Management Objects (x64) (HKLM\...\{03CB711D-679E-46ED-851B-C568418CF914}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server*2014 Transact-SQL ScriptDom (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server*2014 T-SQL Language Service (HKLM-x32\...\{06BE8B71-46C6-434B-869E-85C58EF3120A}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{af15e1e3-cd81-4fbb-a41c-c1deef9f1691}) (Version: 12.0.21005.13 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation) Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM-x32\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation) Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{9408684F-E1CC-4D2E-AE15-886023557682}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM-x32\...\{B9A7B46F-0120-406B-9A12-3AD1DCC94D97}) (Version: 12.0.2000.8 - 
Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla) MyFreeCodec (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MyFreeCodec) (Version: - ) MyFreeCodec (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - ) Native Instruments DrumMicA (HKLM-x32\...\Native Instruments DrumMicA) (Version: - Native Instruments) Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.0.6361 - Native Instruments) Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.1.1158 - Native Instruments) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NVIDIA 3D Vision Treiber 340.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.82 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.82 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Open XML SDK 2.5 for Microsoft Office (x32 
Version: 2.5.5631 - Microsoft Corporation) Hidden OpenGL Extensions Viewer 4.1 (HKLM-x32\...\GLVIEW3) (Version: 428 - ) Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio) PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Python 2.7.8 (Anaconda 2.1.0 64-bit) (HKLM\...\Python 2.7.8 (Anaconda 2.1.0 64-bit)) (Version: 2.1.0 - Continuum Analytics, Inc.) Python Tools - Umleitungsvorlage (x32 Version: 1.3 - Microsoft Corporation) Hidden Qt (HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Qt) (Version: 1.0.1 - Digia Plc) Qt (HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Qt) (Version: 1.0.1 - Digia Plc) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.) 
Release Management for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.) Service Pack 2 für SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation) SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) 
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH) Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated) Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 0.64.3 - ) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TortoiseSVN 1.8.3.24901 (64 bit) (HKLM\...\{85C48946-A8C6-400C-91A8-DCB06AB36032}) (Version: 1.8.24901 - TortoiseSVN) Touchpad Server (HKLM-x32\...\Touchpad Server_is1) (Version: 1.3 - Things & Stuff) TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for 2007 Microsoft Office System (KB967642) 
(HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) US800 Audio Driver (HKLM-x32\...\US800 Audio Driver Setup) (Version: - ) Visual Analyser 2011 (HKLM-x32\...\{BE2F9F39-9512-4DFD-A412-0355A2FE66D3}) (Version: 14.0.0.19 - Alfredo Accattatis) Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.2 - VMware, Inc) VMware Player (Version: 6.0.2 - VMware, Inc.) 
Hidden VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) WCF Data Services 5.6.0 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Wireshark 1.10.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.2 - The Wireshark developer community, hxxp://www.wireshark.org) Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation) Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1041102655-3613075563-312560558-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
==================== Restore Points =========================

03-05-2015 13:59:14 Windows Update
12-05-2015 08:58:52 Windows Update
18-05-2015 22:56:36 Windows Update
19-05-2015 00:41:44 Windows Update
21-05-2015 09:49:43 Windows Update
23-05-2015 16:45:07 Prüfpunkt von HitmanPro
23-05-2015 16:45:59 Prüfpunkt von HitmanPro
06-06-2015 02:01:04 Geplanter Prüfpunkt
07-06-2015 10:31:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-01-26 20:12 - 00001312 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns2.adobe.com
127.0.0.1 adobe-dns3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 acitvate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29B8A84A-75FF-4E94-B260-E77CE0426E19} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] () Task: {2AB2CD9E-D0F0-46D0-B909-3492209D4D8D} - System32\Tasks\{5060034A-33C0-4FD5-B84F-408F0824F5A4} => C:\Users\Michael\AppData\Roaming\Juniper Networks\setup\JuniperSetupClient.exe Task: {2DDE5368-5758-4094-AA95-657132FBD62B} - System32\Tasks\{D7DAA49D-944F-44A7-8785-E8B81E172C14} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.60.106/de/abandoninstall?page=tsBing Task: {313A417E-784A-4AE2-AD11-371243900BF0} - System32\Tasks\{8D75A411-5F20-461A-86B0-8BC95CCCF7E0} => D:\S3\AUTORUN.EXE Task: {3D74DCE3-87B5-4950-A96F-8A6269D50369} - System32\Tasks\{E9B1F063-BD20-4A62-9F3E-130B4D724D47} => pcalua.exe -a "C:\Program Files (x86)\Steinberg\Asio\dxfdsetup.exe" -d "C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE 5" Task: {4927BC09-D5C3-4FA9-813E-B55C7440156E} - System32\Tasks\{414B9851-FB51-49A8-8E29-0E3F0EB8CC33} => pcalua.exe -a C:\Users\Michael\Downloads\FantomXEditor210.EXE -d C:\Users\Michael\Downloads Task: {57404627-EB67-4FAF-8BC8-65B3027EF1F2} - System32\Tasks\{839CDC3D-C238-4700-9B4F-324CBF11D602} => pcalua.exe -a D:\Guitar.Pro.v5.2\RSE\RSE_BASSES.exe -d D:\Guitar.Pro.v5.2\RSE Task: {5921D166-076C-4A53-BCFB-A29FAF5C696E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {621357C1-7661-410E-BAF9-39708138D2B3} - System32\Tasks\{447C2350-ABEC-45B3-8AD7-77F91FFFA74F} => pcalua.exe -a "C:\Users\Michael\AppData\Roaming\Juniper Networks\setup\JuniperSetupClient.exe" -d "C:\Users\Michael\AppData\Roaming\Juniper Networks\setup" Task: {6BC1A939-7A5C-4FC9-95FF-B097E4562B45} - System32\Tasks\{829FED17-2B99-4C6B-BFAF-8E7FCDFC2EF0} => pcalua.exe -a "C:\Users\Michael\AppData\Roaming\Juniper Networks\setup\JuniperSetupApp.exe" -d 
"C:\Users\Michael\AppData\Roaming\Juniper Networks\setup" Task: {7121B4A6-61BC-4491-B07C-637AE6B5ACD4} - System32\Tasks\{A03B3539-0243-4827-A6A2-4C3156E7A2E2} => pcalua.exe -a C:\Users\Michael\Documents\chromeinstall-8u31.exe -d C:\Users\Michael\Documents Task: {7FEF8DE6-3364-42CB-B4AB-21017CBED048} - System32\Tasks\{997291DA-B0A3-4D22-9707-23D9A3A91165} => pcalua.exe -a D:\Guitar.Pro.v5.2\RSE\RSE_DRUMS.exe -d D:\Guitar.Pro.v5.2\RSE Task: {93B5ED0D-8843-4172-BFFE-00533A133824} - System32\Tasks\AdobeAAMUpdater-1.0-Michael-PC-Michael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated) Task: {994229F1-55FF-4874-91DE-CF55449C0E09} - System32\Tasks\{FC9D55D0-7405-4480-A372-ABD3ECA90994} => pcalua.exe -a D:\Guitar.Pro.v5.2\RSE\RSE_GUITARS.exe -d D:\Guitar.Pro.v5.2\RSE Task: {9CCE880D-9BE7-47A8-BA64-BB0910F3DBEB} - System32\Tasks\{77D4F9AE-CDC4-4AC7-8232-07648122682E} => pcalua.exe -a H:\Data\Games\UT2004\System\UDebugger.exe -d H:\Data\Games\UT2004\System Task: {9E110222-B2BE-4EF6-8E77-D0993B1AA2FF} - System32\Tasks\{F2CD9ED7-C213-4F86-94FA-CEC860E84DE7} => pcalua.exe -a C:\BlueByte\Siedler3\SETUPS3.EXE -d C:\BlueByte\Siedler3 Task: {B7BD85E6-7A03-458F-931B-D3CACE97DDAC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {C8494936-A12F-471B-9B63-648AF71C8598} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06] (Adobe Systems Incorporated) Task: {CF867DCE-8235-4F46-A0AC-CD35C26DA9B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.) 
Task: {D6947A8C-76F9-4E36-8923-DB18BEB339AA} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {DAD1002E-8281-442A-935C-627100630B38} - System32\Tasks\{54C4E012-294B-420E-86A5-FF475D8749DE} => pcalua.exe -a C:\BlueByte\Siedler3\s3new160.exe -d C:\BlueByte\Siedler3 Task: {E9795E0D-436B-44B9-B776-038D09357D1A} - System32\Tasks\{24CE67B7-ED80-4078-9BB9-E23104654ABF} => D:\S3\AUTORUN.EXE Task: {F1501C6E-003B-4E38-9AA4-9AD12D3C99A3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F1659734-457C-4C37-B5F3-CDC0406E6244} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe ==================== Loaded Modules (Whitelisted) ============== 2015-01-20 19:10 - 2014-09-10 23:08 - 00010952 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2013-10-14 16:08 - 2014-09-10 21:34 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-09-15 17:46 - 2011-09-15 17:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2013-10-27 19:52 - 2013-10-27 19:52 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll 2013-10-27 19:52 - 2013-10-27 19:52 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll 2010-01-02 
16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2013-10-14 16:03 - 2011-07-19 21:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-04-14 16:41 - 2014-04-14 16:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll 2015-01-20 19:10 - 2014-09-10 23:08 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-05-23 16:47 - 2015-05-23 16:47 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxp4rrq.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-10-27 21:07 - 2014-10-27 21:07 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67e9010a82d780d45c4fd2d359927737\IsdiInterop.ni.dll 2013-10-14 16:17 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-10-27 19:07 - 2013-10-27 19:07 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll 2013-10-27 19:06 - 2013-10-27 19:06 - 00071408 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll 2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2015-05-22 10:09 - 2015-05-13 18:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll 2015-05-22 10:09 - 2015-05-13 18:48 - 
00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1041102655-3613075563-312560558-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1041102655-3613075563-312560558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeActiveFileMonitor9.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: ZcfgSvc7 => 2
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
MSCONFIG\startupreg: IntelPROSet => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: US800Pane => US800Pan.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{FA5E5F0D-D9F6-4B77-A66B-34D51AD41541}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [TCP Query User{97D86E3B-C4DB-4180-BB32-4F21B6ECBAB9}C:\program files\java\jdk1.7.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_40\bin\javaw.exe FirewallRules: [UDP Query User{82A92059-0934-4275-AA8E-5694639A742C}C:\program files\java\jdk1.7.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_40\bin\javaw.exe FirewallRules: [{DB69A71C-B59C-49B4-A77A-27AED12D7C6A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{513FE120-9D78-46B5-999D-984F539F9628}E:\data\games\generals\game.dat] => (Allow) E:\data\games\generals\game.dat FirewallRules: [UDP Query User{8F6F0426-4BF0-4FA1-8DB4-F8863B51C454}E:\data\games\generals\game.dat] => (Allow) E:\data\games\generals\game.dat FirewallRules: [TCP Query User{B97F4CE7-3BD0-47C3-ADFE-D530698F83AF}C:\program files 
(x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe FirewallRules: [UDP Query User{1968BBFB-A49D-4A4A-A92D-88A43A904726}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe FirewallRules: [TCP Query User{500BA5A7-A7F5-46CF-B05D-CB1B91972C16}E:\data\games\generals\game.dat] => (Allow) E:\data\games\generals\game.dat FirewallRules: [UDP Query User{92CCCB09-9E0E-4E79-ABE6-B806EE0C2AE4}E:\data\games\generals\game.dat] => (Allow) E:\data\games\generals\game.dat FirewallRules: [TCP Query User{BC3FC516-904E-4DBB-84A5-D3491D3304C9}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [UDP Query User{F3C128E5-7D75-4282-A386-AD5E7B7945F6}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [TCP Query User{01CF21E4-542E-4B3F-976D-D6BA18D3E82D}G:\data\games\generals\game.dat] => (Allow) G:\data\games\generals\game.dat FirewallRules: [UDP Query User{84A0B252-8C5A-4FCC-A77F-712FBB1F6555}G:\data\games\generals\game.dat] => (Allow) G:\data\games\generals\game.dat FirewallRules: [TCP Query User{F20D9D65-5C0D-4200-9D6B-724BEE012D06}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [UDP Query User{10F429CF-DB0C-4154-BC64-D5F4E193ED3D}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [TCP Query User{835373F8-42A0-4581-9538-9666F53FC164}H:\data\games\generals\game.dat] => (Allow) H:\data\games\generals\game.dat FirewallRules: [UDP Query User{9737ECCD-BADF-45B9-93D6-4A520CBAEC52}H:\data\games\generals\game.dat] => (Allow) H:\data\games\generals\game.dat FirewallRules: [{E2CBB12F-BADB-43DC-9929-587F81213AD7}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe FirewallRules: [{682ADC4B-8687-4577-8C7E-CF7047BAC67A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 
11.0\Common7\IDE\devenv.exe FirewallRules: [{213199F5-F43F-4AE4-AEE2-E031F690270A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe FirewallRules: [{B79C59E7-9260-4511-AA62-11E39570954B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe FirewallRules: [{E1E2DE8A-E742-416C-A053-8FFC4DAACE55}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe FirewallRules: [{8C47AB55-1C77-4956-A12E-ECFC80A99210}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe FirewallRules: [{60E314F5-F8C4-4243-8C2C-A84B30B88E0C}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{BC4BEE05-91AB-496C-946B-118ED2D2BDDB}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{9802540E-0402-4F39-BF10-1D046BC7012D}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{403238B9-055A-41E3-BFCD-F81A2B501D52}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{92AA8E47-B1A4-4B79-91ED-C76C35BF8BCF}C:\slmev\tools.exe] => (Allow) C:\slmev\tools.exe FirewallRules: [UDP Query User{163D8D58-1D1C-44B0-8AF2-EECBD97A9375}C:\slmev\tools.exe] => (Allow) C:\slmev\tools.exe FirewallRules: [TCP Query User{6EBF6C69-EA19-4049-838D-3F7E7A74A2B1}C:\slmev\easyview.exe] => (Allow) C:\slmev\easyview.exe FirewallRules: [UDP Query User{19F3EB68-55EC-4D7D-A20E-4C2410B97A4A}C:\slmev\easyview.exe] => (Allow) C:\slmev\easyview.exe FirewallRules: [TCP Query User{8140151E-F4BD-4819-A5EE-2DD9348AB172}H:\data\games\generals\game.dat] => (Allow) H:\data\games\generals\game.dat FirewallRules: [UDP Query User{3BFB8502-8CE5-4D36-B2BE-66FECFA24962}H:\data\games\generals\game.dat] => (Allow) 
H:\data\games\generals\game.dat FirewallRules: [{923C9FC1-16ED-4245-AF73-0D58A365B0EC}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{F6BD4490-75B0-44E3-ACDA-21351A907E17}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [TCP Query User{F17A530A-B5CF-40C9-AB78-2BE812E0F695}C:\users\michael\desktop\beamer\beamertool\beamertool.exe] => (Allow) C:\users\michael\desktop\beamer\beamertool\beamertool.exe FirewallRules: [UDP Query User{3B8D8953-BF83-4020-AB09-4BD96DD2F387}C:\users\michael\desktop\beamer\beamertool\beamertool.exe] => (Allow) C:\users\michael\desktop\beamer\beamertool\beamertool.exe FirewallRules: [TCP Query User{C2F2F70F-0625-4956-96FE-497E5A6D05C4}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe FirewallRules: [UDP Query User{E307CC03-6432-4551-8B00-84DC0A85F8D4}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe FirewallRules: [TCP Query User{850F3090-9618-4B56-B90A-CD6D7AD293E4}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [UDP Query User{DCE3B05B-56E5-44EC-B3D7-7F255BDDCD98}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [{D0815CA6-9347-4AEC-A441-79AFD3689831}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{7C8396C4-80A3-4415-9D18-3E10660C2FC1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{E1C332CC-17BF-4152-915C-3D6EC19E0CCF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{4873C62A-ECD5-4298-AF57-A0AA6C1CDD1D}] => (Allow) C:\Program Files 
(x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{97F14B20-A34F-4107-A744-7A2383E450AE}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{57A0EA4C-C42C-4FFF-B421-4D7A64A6F3B3}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{5B694E98-70DA-4501-AF1B-89A28DDAA7CE}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [TCP Query User{6FEDDAD3-EFB5-4657-8F33-BB0E8E0EAF1D}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [UDP Query User{251E44CF-B2CE-4438-B4D8-B0AB76E52325}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [{53F74649-63C9-4439-B432-F2AD331000A6}] => (Allow) LPort=12292 FirewallRules: [{C2DD0EA6-C4D8-4539-BB63-89FE5E276884}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{6659FD9A-B882-4FB7-B5F1-6DEF952A2BFC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{06BEBF8F-01A8-4B4D-ABBB-64B9E1048CDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{1F27EB37-2968-4AAC-9F96-58B61F8570A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{ACC25D52-4A3B-4422-B4FF-CD658268BB4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A1D2FC9A-8DBC-478E-A362-FCE798510597}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{04D2525F-BDE0-4BDA-8B03-6C496CA6C24F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F4A8637B-6579-44A5-A796-1DA843F50A5F}] => 
(Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{27CAB8B0-0A88-45DB-AF64-147FA01F714A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{F5E648EF-03FA-47FA-B1DD-61DF3E0E627D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{61D7D473-7983-4060-BF58-214D002FFEFD}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [UDP Query User{0E0DBD7D-23BE-48B6-A1B3-418BF9F789DF}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [{7FC74CA0-7D82-4CB2-B74F-DD28D832AA50}] => (Block) C:\windows\explorer.exe FirewallRules: [{F47355B3-BFDD-4688-AEA7-EF9B19AC3D12}] => (Block) C:\windows\explorer.exe FirewallRules: [{FFD2D604-58AC-46BF-A71C-73164D2B3E89}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft-Adapter für Miniports virtueller WiFis Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: Microsoft Virtual WiFi Miniport Adapter #2 Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/23/2015 04:48:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/23/2015 04:47:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/23/2015 04:47:45 PM) (Source: vmauthd) (EventID: 1000) (User: ) Description: 2015-05-23T16:47:45.659+02:00| vthread-5| E105: Cannot find perfmon object in array returned by perfDLL, index=0 Error: (05/23/2015 04:47:36 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/23/2015 04:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/23/2015 04:47:35 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 17113) (User: ) Description: Fehler 2(Das System kann die angegebene Datei nicht finden.) 
beim Öffnen der Datei 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\DATA\master.mdf' zum Abrufen von Konfigurationsinformationen beim Start. Der Fehler wurde möglicherweise durch eine ungültige Startoption verursacht. Überprüfen Sie die Startoptionen, und korrigieren oder entfernen Sie sie bei Bedarf. Error: (05/23/2015 04:46:34 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000002e0,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003EDED90.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Error: (05/23/2015 04:46:34 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000208,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,00000000031BE8D0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {4da505fc-68e6-4c11-9835-1f2e848d99b8} Error: (05/23/2015 04:46:34 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000009f0,(null),0,REG_BINARY,000000000978E110.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {57acdb02-9601-4331-b1f1-d006817a300d} Error: (05/23/2015 04:46:34 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001f0,(null),0,REG_BINARY,00000000070CE210.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {da384a5c-31b9-486a-b6ea-7970115cdee2} System errors: ============= Error: (05/23/2015 04:48:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (05/23/2015 04:48:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140995069 Error: (05/23/2015 04:48:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140995069 Error: (05/23/2015 04:47:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140995069 Error: (05/23/2015 04:47:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140995069 Error: (05/23/2015 04:47:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) 
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140995069 Error: (05/23/2015 04:47:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140995069 Error: (05/23/2015 04:48:00 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630203 Error: (05/23/2015 04:47:58 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630203 Error: (05/23/2015 04:47:58 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630203 Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz Percentage of memory in use: 48% Total physical RAM: 6038.17 MB Available physical RAM: 3092.08 MB Total Pagefile: 12074.54 MB Available Pagefile: 8731.01 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:185.55 GB) (Free:31.87 GB) NTFS Drive e: (Lubuntu 14.10 am) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS Drive f: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: C9A0D27B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=185.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=976 MB) - (Type=82) Partition 4: (Not Active) - (Size=46.3 GB) - (Type=83) ======================================================== Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End of log ============================ |
24.05.2015, 09:52 | #5 |
| Telekom letter Zeus/Zbot GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-23 17:47:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.DXT0 232,89GB
Running: oxqoiqu8.exe; Driver: C:\Users\Michael\AppData\Local\Temp\kwliqkog.sys

---- User code sections - GMER 2.1 ----
000007fefd64ac00 5 bytes JMP 000007fffd470180 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd64ada0 5 bytes JMP 000007fffd470110 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdea89e0 8 bytes JMP 000007fffd4701f0 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3528] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdeabe40 8 bytes JMP 000007fffd4701b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000762f1efe 7 bytes JMP 0000000167a73dd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000762f5b9d 7 bytes JMP 0000000167a740e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763013f9 7 bytes JMP 0000000167a73f10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007630ea45 7 bytes JMP 0000000167a73dc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076398ea4 7 bytes JMP 0000000167a73b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076398f29 5 bytes JMP 0000000167a73c00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076399281 5 bytes JMP 0000000167a73b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771a1d29 5 bytes JMP 0000000167a73b00 .text C:\Program Files (x86)\NVIDIA 
Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771a1dd7 5 bytes JMP 0000000167a73ab0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771a2ab1 5 bytes JMP 0000000167a73c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771a2d17 5 bytes JMP 0000000167a73890 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075368a29 5 bytes JMP 0000000167a73370 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075374572 5 bytes JMP 0000000167a73810 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007538e567 5 bytes JMP 0000000167a73880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000753b07d7 5 bytes JMP 0000000167a73280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000753c7a5c 5 bytes JMP 0000000167a73800 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760ce96b 5 bytes JMP 0000000167a733e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760ceba5 5 bytes JMP 0000000167a733f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076185ea5 5 bytes JMP 0000000167a73320 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] 
C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000761b9d0b 3 bytes JMP 0000000167a732b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4052] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 00000000761b9d0f 1 byte [F1] .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000762f1efe 7 bytes JMP 0000000167a73dd0 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000762f5b9d 7 bytes JMP 0000000167a740e0 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763013f9 7 bytes JMP 0000000167a73f10 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007630ea45 7 bytes JMP 0000000167a73dc0 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076398ea4 7 bytes JMP 0000000167a73b50 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076398f29 5 bytes JMP 0000000167a73c00 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076399281 5 bytes JMP 0000000167a73b60 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771a1d29 5 bytes JMP 0000000167a73b00 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771a1dd7 5 bytes JMP 0000000167a73ab0 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771a2ab1 5 bytes JMP 0000000167a73c10 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] 
C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771a2d17 5 bytes JMP 0000000167a73890 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075368a29 5 bytes JMP 0000000167a73370 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075374572 5 bytes JMP 0000000167a73810 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007538e567 5 bytes JMP 0000000167a73880 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000753b07d7 5 bytes JMP 0000000167a73280 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000753c7a5c 5 bytes JMP 0000000167a73800 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760ce96b 5 bytes JMP 0000000167a733e0 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760ceba5 5 bytes JMP 0000000167a733f0 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076185ea5 5 bytes JMP 0000000167a73320 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000761b9d0b 3 bytes JMP 0000000167a732b0 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 00000000761b9d0f 1 byte [F1] .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077311401 2 bytes JMP 7631b21b C:\Windows\syswow64\kernel32.dll .text 
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077311419 2 bytes JMP 7631b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077311431 2 bytes JMP 76398f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007731144a 2 bytes CALL 762f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000773114dd 2 bytes JMP 76398822 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000773114f5 2 bytes JMP 763989f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007731150d 2 bytes JMP 76398718 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077311525 2 bytes JMP 76398ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007731153d 2 bytes JMP 7630fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077311555 2 bytes JMP 763168ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007731156d 2 bytes JMP 76398fe3 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077311585 2 bytes JMP 76398b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007731159d 2 bytes JMP 763986dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000773115b5 2 bytes JMP 7630fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000773115cd 2 bytes JMP 7631b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000773116b2 2 bytes JMP 76398ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000773116bd 2 bytes JMP 76398671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000762f1efe 7 bytes JMP 0000000167a73dd0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000762f5b9d 7 bytes JMP 0000000167a740e0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000763013f9 7 bytes JMP 0000000167a73f10 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007630ea45 7 bytes JMP 0000000167a73dc0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076398ea4 7 bytes JMP 
0000000167a73b50 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076398f29 5 bytes JMP 0000000167a73c00 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076399281 5 bytes JMP 0000000167a73b60 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771a1d29 5 bytes JMP 0000000167a73b00 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771a1dd7 5 bytes JMP 0000000167a73ab0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771a2ab1 5 bytes JMP 0000000167a73c10 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771a2d17 5 bytes JMP 0000000167a73890 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760ce96b 5 bytes JMP 0000000167a733e0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760ceba5 5 bytes JMP 0000000167a733f0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075368a29 5 bytes JMP 0000000167a73370 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075374572 5 bytes JMP 0000000167a73810 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007538e567 5 bytes JMP 0000000167a73880 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] 
C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000753b07d7 5 bytes JMP 0000000167a73280 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000753c7a5c 5 bytes JMP 0000000167a73800 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076185ea5 5 bytes JMP 0000000167a73320 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000761b9d0b 3 bytes JMP 0000000167a732b0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 00000000761b9d0f 1 byte [F1] .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077311401 2 bytes JMP 7631b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077311419 2 bytes JMP 7631b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077311431 2 bytes JMP 76398f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007731144a 2 bytes CALL 762f489d C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000773114dd 2 bytes JMP 76398822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000773114f5 2 bytes JMP 763989f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007731150d 2 bytes JMP 76398718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077311525 2 bytes JMP 76398ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007731153d 2 bytes JMP 7630fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077311555 2 bytes JMP 763168ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007731156d 2 bytes JMP 76398fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077311585 2 bytes JMP 76398b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007731159d 2 bytes JMP 763986dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000773115b5 2 bytes JMP 7630fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files 
(x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000773115cd 2 bytes JMP 7631b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000773116b2 2 bytes JMP 76398ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4520] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000773116bd 2 bytes JMP 76398671 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007737a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077383f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007739ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773af350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773d9aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773e9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077408850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd633460 7 bytes JMP 000007fffd5e00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] 
C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd64a590 6 bytes JMP 000007fffd5e0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd64ac00 5 bytes JMP 000007fffd5e0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd64ada0 5 bytes JMP 000007fffd5e0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdea89e0 8 bytes JMP 000007fffd5e01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdeabe40 8 bytes JMP 000007fffd5e01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007737a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077383f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007739ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773af350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773d9aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773e9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077408850 7 bytes JMP 000000016fff01f0 .text C:\Program 
Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd633460 7 bytes JMP 000007fffd4700d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd64a590 6 bytes JMP 000007fffd470148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd64ac00 5 bytes JMP 000007fffd470180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd64ada0 5 bytes JMP 000007fffd470110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4a7490 11 bytes JMP 000007fffd470228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff4bbf00 7 bytes JMP 000007fffd470260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdea89e0 8 bytes JMP 000007fffd4701f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdeabe40 8 bytes JMP 000007fffd4701b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef79d2460 5 bytes JMP 000007fefd4702d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4732] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef7a096b0 6 bytes JMP 000007fefd470298 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd633460 7 bytes JMP 000007fffd5e00d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd64a590 6 bytes 
JMP 000007fffd5e0148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd64ac00 5 bytes JMP 000007fffd5e0180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd64ada0 5 bytes JMP 000007fffd5e0110 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdea89e0 8 bytes JMP 000007fffd5e01f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5560] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdeabe40 8 bytes JMP 000007fffd5e01b8 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077311401 2 bytes JMP 7631b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077311419 2 bytes JMP 7631b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077311431 2 bytes JMP 76398f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007731144a 2 bytes CALL 762f489d C:\Windows\syswow64\kernel32.dll .text ... 
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.05.2015
Suchlauf-Zeit: 17:05:57
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.23.01
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 588178
Verstrichene Zeit: 27 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end) |
24.05.2015, 09:52 | #6 |
/// TB trainer | Telekom letter Zeus/Zbot Hi, did you read my first post? So we'll stick with your computer, Win 7. Please also run TDSS-Killer there. |
24.05.2015, 09:57 | #7 |
| Telekom letter Zeus/Zbot TDSSkiller: Code:
C:\Windows\system32\DRIVERS\compbatt.sys 10:54:22.0143 0x140c Compbatt - ok 10:54:22.0158 0x140c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 10:54:22.0174 0x140c CompositeBus - ok 10:54:22.0174 0x140c COMSysApp - ok 10:54:22.0205 0x140c [ 9DFA0D835CA97E2E99C03419185B57EE, 247E6FD2EF2C9904D114D270E65577B180477AA8211D4EC2AE4AE558A12FB0C7 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 10:54:22.0236 0x140c cphs - ok 10:54:22.0236 0x140c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 10:54:22.0252 0x140c crcdisk - ok 10:54:22.0252 0x140c [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:54:22.0267 0x140c CryptSvc - ok 10:54:22.0283 0x140c [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 10:54:22.0314 0x140c CSC - ok 10:54:22.0330 0x140c [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 10:54:22.0361 0x140c CscService - ok 10:54:22.0361 0x140c [ BC3D4F90978CD7C8EABD1BAF3BF7873A, 5978139650FC51BE0CAB12061702C7BC7BEDF6E7C3A047FF0A6328AA674E4226 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 10:54:22.0377 0x140c CtClsFlt - ok 10:54:22.0392 0x140c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 10:54:22.0439 0x140c DcomLaunch - ok 10:54:22.0439 0x140c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 10:54:22.0486 0x140c defragsvc - ok 10:54:22.0486 0x140c [ 
9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:54:22.0517 0x140c DfsC - ok 10:54:22.0517 0x140c [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 10:54:22.0533 0x140c dg_ssudbus - ok 10:54:22.0548 0x140c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 10:54:22.0564 0x140c Dhcp - ok 10:54:22.0595 0x140c [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack C:\Windows\system32\diagtrack.dll 10:54:22.0642 0x140c DiagTrack - ok 10:54:22.0642 0x140c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 10:54:22.0673 0x140c discache - ok 10:54:22.0673 0x140c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 10:54:22.0689 0x140c Disk - ok 10:54:22.0704 0x140c [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 10:54:22.0720 0x140c dmvsc - ok 10:54:22.0720 0x140c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:54:22.0735 0x140c Dnscache - ok 10:54:22.0751 0x140c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 10:54:22.0798 0x140c dot3svc - ok 10:54:22.0798 0x140c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 10:54:22.0829 0x140c DPS - ok 10:54:22.0829 0x140c [ 
9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 10:54:22.0845 0x140c drmkaud - ok 10:54:22.0845 0x140c [ F2D97A85F4F6E0942BC17C4EECEEE6B7, 3583D00634C36B16880766F7635BFF48D04CECA4F2489E2720EBE33007CA0B9B ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys 10:54:22.0860 0x140c dsNcAdpt - ok 10:54:22.0876 0x140c [ 07D2BA840A68855E0D0C9E0DF72B0FE6, 8FFE84A92DEBFD96B0A82D9262799DF1D0C131E4F1A4D80DAE99AA9159F557E9 ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe 10:54:22.0907 0x140c dsNcService - ok 10:54:22.0907 0x140c [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 10:54:22.0938 0x140c dtsoftbus01 - ok 10:54:22.0954 0x140c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:54:23.0001 0x140c DXGKrnl - ok 10:54:23.0001 0x140c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 10:54:23.0047 0x140c EapHost - ok 10:54:23.0110 0x140c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 10:54:23.0203 0x140c ebdrv - ok 10:54:23.0219 0x140c [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS C:\Windows\System32\lsass.exe 10:54:23.0235 0x140c EFS - ok 10:54:23.0250 0x140c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 10:54:23.0297 0x140c ehRecvr - ok 10:54:23.0297 0x140c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 
10:54:23.0313 0x140c ehSched - ok 10:54:23.0328 0x140c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 10:54:23.0344 0x140c elxstor - ok 10:54:23.0344 0x140c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 10:54:23.0359 0x140c ErrDev - ok 10:54:23.0375 0x140c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 10:54:23.0422 0x140c EventSystem - ok 10:54:23.0453 0x140c [ B20A788579E443F768AAB1A24F705D0A, 7F861BFAE038F44FABE96F91FA9C28D6FFEBA61A400F49B77F60829DE3C31638 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 10:54:23.0500 0x140c EvtEng - ok 10:54:23.0500 0x140c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 10:54:23.0531 0x140c exfat - ok 10:54:23.0547 0x140c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:54:23.0578 0x140c fastfat - ok 10:54:23.0593 0x140c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 10:54:23.0625 0x140c Fax - ok 10:54:23.0625 0x140c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 10:54:23.0640 0x140c fdc - ok 10:54:23.0640 0x140c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 10:54:23.0671 0x140c fdPHost - ok 10:54:23.0671 0x140c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub 
C:\Windows\system32\fdrespub.dll 10:54:23.0703 0x140c FDResPub - ok 10:54:23.0718 0x140c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:54:23.0734 0x140c FileInfo - ok 10:54:23.0734 0x140c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:54:23.0765 0x140c Filetrace - ok 10:54:23.0765 0x140c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 10:54:23.0781 0x140c flpydisk - ok 10:54:23.0781 0x140c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:54:23.0812 0x140c FltMgr - ok 10:54:23.0827 0x140c [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 10:54:23.0874 0x140c FontCache - ok 10:54:23.0874 0x140c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:54:23.0890 0x140c FontCache3.0.0.0 - ok 10:54:23.0890 0x140c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:54:23.0905 0x140c FsDepends - ok 10:54:23.0905 0x140c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 10:54:23.0921 0x140c Fs_Rec - ok 10:54:23.0937 0x140c [ 38F3CF15321DC2B47C7907EB222B637A, C2CE4F62BD7C93566C36B7290DA3E804FB79A18A18E2544E2B6404B473483D4E ] fussvc C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe 10:54:23.0937 0x140c 
fussvc - detected UnsignedFile.Multi.Generic ( 1 ) 10:54:26.0811 0x140c Detect skipped due to KSN trusted 10:54:26.0811 0x140c fussvc - ok 10:54:26.0827 0x140c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 10:54:26.0842 0x140c fvevol - ok 10:54:26.0842 0x140c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 10:54:26.0858 0x140c gagp30kx - ok 10:54:26.0873 0x140c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 10:54:26.0920 0x140c gpsvc - ok 10:54:26.0936 0x140c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:54:26.0936 0x140c gupdate - ok 10:54:26.0951 0x140c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:54:26.0951 0x140c gupdatem - ok 10:54:26.0951 0x140c [ BDDBCFF870442B3C24C158CD53079132, 62314C296ACF1EF9EB38FB70B66B57D1BB9917C8536B39892272D172BC58A5C3 ] hcmon C:\Windows\system32\drivers\hcmon.sys 10:54:26.0967 0x140c hcmon - ok 10:54:26.0967 0x140c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 10:54:26.0983 0x140c hcw85cir - ok 10:54:26.0998 0x140c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 10:54:27.0029 0x140c HdAudAddService - ok 10:54:27.0029 0x140c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 
10:54:27.0045 0x140c HDAudBus - ok 10:54:27.0045 0x140c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 10:54:27.0061 0x140c HidBatt - ok 10:54:27.0061 0x140c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 10:54:27.0092 0x140c HidBth - ok 10:54:27.0092 0x140c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 10:54:27.0107 0x140c HidIr - ok 10:54:27.0107 0x140c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 10:54:27.0139 0x140c hidserv - ok 10:54:27.0139 0x140c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:54:27.0154 0x140c HidUsb - ok 10:54:27.0154 0x140c HitmanPro37CrusaderBoot - ok 10:54:27.0170 0x140c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:54:27.0201 0x140c hkmsvc - ok 10:54:27.0201 0x140c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 10:54:27.0232 0x140c HomeGroupListener - ok 10:54:27.0232 0x140c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 10:54:27.0248 0x140c HomeGroupProvider - ok 10:54:27.0263 0x140c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:54:27.0279 0x140c HpSAMD - ok 10:54:27.0295 0x140c [ F61634BEC53F73702A10DE69F6DCAF57, 
BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:54:27.0310 0x140c HTTP - ok 10:54:27.0326 0x140c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:54:27.0326 0x140c hwpolicy - ok 10:54:27.0326 0x140c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 10:54:27.0388 0x140c i8042prt - ok 10:54:27.0404 0x140c [ D469B77687E12FE43E344806740B624D, DFDD486FD040813BF4E5DDB504CF9E0BFBF6D4E540DDDA4829F9B675ACF63E89 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 10:54:27.0419 0x140c iaStor - ok 10:54:27.0419 0x140c [ 983FC69644DDF0486C8DFEA262948D1A, 329EC95117C31E61F6D22D79CFF339D70A70522710E7DC0CED06EC95E6D4B34F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 10:54:27.0419 0x140c IAStorDataMgrSvc - ok 10:54:27.0435 0x140c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 10:54:27.0466 0x140c iaStorV - ok 10:54:27.0466 0x140c [ 23E22B130EFE5A225E279467BE146317, 2302C119FE9C57F3A71DFE504489423B6F7140E2DFF5D501883AD971CB671CB4 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys 10:54:27.0482 0x140c iBtFltCoex - ok 10:54:27.0482 0x140c [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe 10:54:27.0497 0x140c ICCS - ok 10:54:27.0513 0x140c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:54:27.0560 0x140c idsvc - ok 10:54:27.0560 0x140c IEEtwCollectorService - ok 
10:54:27.0669 0x140c [ 0143C860F0D09B8465AE803FDDB47BE9, C11B079AC7338981BA844BF62B96FDC4FD83018E9F67CCA9ADE426978FCF2562 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 10:54:27.0856 0x140c igfx - ok 10:54:27.0887 0x140c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 10:54:27.0887 0x140c iirsp - ok 10:54:27.0903 0x140c [ AB55B8A9B13130F638546881CE4425F8, 8427E67BE02ECABAA3F0C48BD4205BCBD4C978B48AE4E7336DA5821DFC49029E ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 10:54:27.0919 0x140c IISADMIN - ok 10:54:27.0934 0x140c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 10:54:27.0965 0x140c IKEEXT - ok 10:54:28.0028 0x140c [ 8FED6428FDE53D7F4C105095F22524BE, 58DE45CB61643B25ABA73BD77553021FDD9AA904749582B10CDC662534CD77E7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 10:54:28.0106 0x140c IntcAzAudAddService - ok 10:54:28.0121 0x140c [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 10:54:28.0153 0x140c IntcDAud - ok 10:54:28.0153 0x140c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 10:54:28.0153 0x140c intelide - ok 10:54:28.0168 0x140c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:54:28.0184 0x140c intelppm - ok 10:54:28.0184 0x140c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:54:28.0215 0x140c IPBusEnum - ok 10:54:28.0215 0x140c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] 
IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:54:28.0246 0x140c IpFilterDriver - ok 10:54:28.0262 0x140c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:54:28.0293 0x140c iphlpsvc - ok 10:54:28.0293 0x140c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 10:54:28.0309 0x140c IPMIDRV - ok 10:54:28.0309 0x140c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:54:28.0340 0x140c IPNAT - ok 10:54:28.0355 0x140c [ 944A6D2E1D971806EFFE4BBABF0DBDC7, 394FC1137D2F5CAE0076229EBFEA940584A15AE4D382006507292A94441AF442 ] IpOverUsbSvc C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe 10:54:28.0355 0x140c IpOverUsbSvc - ok 10:54:28.0355 0x140c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:54:28.0371 0x140c IRENUM - ok 10:54:28.0387 0x140c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:54:28.0387 0x140c isapnp - ok 10:54:28.0402 0x140c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 10:54:28.0418 0x140c iScsiPrt - ok 10:54:28.0433 0x140c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 10:54:28.0433 0x140c kbdclass - ok 10:54:28.0449 0x140c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 10:54:28.0449 0x140c kbdhid 
- ok 10:54:28.0465 0x140c [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso C:\Windows\system32\lsass.exe 10:54:28.0465 0x140c KeyIso - ok 10:54:28.0465 0x140c [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:54:28.0480 0x140c KSecDD - ok 10:54:28.0496 0x140c [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:54:28.0511 0x140c KSecPkg - ok 10:54:28.0511 0x140c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:54:28.0543 0x140c ksthunk - ok 10:54:28.0558 0x140c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 10:54:28.0589 0x140c KtmRm - ok 10:54:28.0605 0x140c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 10:54:28.0636 0x140c LanmanServer - ok 10:54:28.0636 0x140c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:54:28.0683 0x140c LanmanWorkstation - ok 10:54:28.0683 0x140c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:54:28.0714 0x140c lltdio - ok 10:54:28.0730 0x140c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:54:28.0761 0x140c lltdsvc - ok 10:54:28.0777 0x140c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 
10:54:28.0808 0x140c lmhosts - ok 10:54:28.0808 0x140c [ 7F32D4C47A50E7223491E8FB9359907D, 6D3F59A8D006BED3234697933D09C8EE8F7A9F4A4196CFA878F8E8A929B24CE5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 10:54:28.0823 0x140c LMS - ok 10:54:28.0823 0x140c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 10:54:28.0839 0x140c LSI_FC - ok 10:54:28.0855 0x140c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 10:54:28.0870 0x140c LSI_SAS - ok 10:54:28.0870 0x140c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 10:54:28.0886 0x140c LSI_SAS2 - ok 10:54:28.0886 0x140c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 10:54:28.0901 0x140c LSI_SCSI - ok 10:54:28.0901 0x140c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 10:54:28.0933 0x140c luafv - ok 10:54:28.0948 0x140c [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 10:54:28.0948 0x140c MBAMProtector - ok 10:54:28.0979 0x140c [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 10:54:29.0011 0x140c MBAMService - ok 10:54:29.0026 0x140c [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 10:54:29.0042 0x140c MBAMSwissArmy - ok 10:54:29.0042 0x140c 
[ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 10:54:29.0057 0x140c MBAMWebAccessControl - ok 10:54:29.0057 0x140c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:54:29.0089 0x140c Mcx2Svc - ok 10:54:29.0089 0x140c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 10:54:29.0106 0x140c megasas - ok 10:54:29.0106 0x140c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 10:54:29.0122 0x140c MegaSR - ok 10:54:29.0137 0x140c [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 10:54:29.0137 0x140c MEIx64 - ok 10:54:29.0153 0x140c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 10:54:29.0169 0x140c MMCSS - ok 10:54:29.0184 0x140c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 10:54:29.0215 0x140c Modem - ok 10:54:29.0215 0x140c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:54:29.0231 0x140c monitor - ok 10:54:29.0231 0x140c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:54:29.0247 0x140c mouclass - ok 10:54:29.0247 0x140c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 
umbus - ok 10:54:43.0401 0x140c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 10:54:43.0401 0x140c UmPass - ok 10:54:43.0416 0x140c [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 10:54:43.0432 0x140c UmRdpService - ok 10:54:43.0494 0x140c [ 2C16648A12999AE69A9EBF41974B0BA2, 06008F61B6EC36CD34CB8C4BA983371DB7A9F4BEE15E5329F5E90FEEE300D258 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 10:54:43.0557 0x140c UNS - ok 10:54:43.0572 0x140c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 10:54:43.0604 0x140c upnphost - ok 10:54:43.0604 0x140c [ F720A06140072B31E43A96F123858AA5, CA94176F2B72247F920B2C041B36CEDE360BA19BF6A7F17149561FA39AAA4449 ] US800_01 C:\Windows\system32\DRIVERS\US800Wdm.sys 10:54:43.0619 0x140c US800_01 - ok 10:54:43.0619 0x140c [ A074A3491B023FB8EC826B1DF6716141, 90E898E3BEEC60A1170E93C56C03E97D5BA83D74613BBA13871D22E03918020B ] US800_AA C:\Windows\system32\DRIVERS\US800Drv.sys 10:54:43.0635 0x140c US800_AA - ok 10:54:43.0650 0x140c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 10:54:43.0666 0x140c usbaudio - ok 10:54:43.0666 0x140c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:54:43.0682 0x140c usbccgp - ok 10:54:43.0697 0x140c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:54:43.0713 0x140c usbcir - ok 10:54:43.0713 0x140c [ 18A85013A3E0F7E1755365D287443965, 
811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 10:54:43.0728 0x140c usbehci - ok 10:54:43.0728 0x140c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:54:43.0760 0x140c usbhub - ok 10:54:43.0760 0x140c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 10:54:43.0775 0x140c usbohci - ok 10:54:43.0775 0x140c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys 10:54:43.0791 0x140c usbprint - ok 10:54:43.0791 0x140c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:54:43.0806 0x140c USBSTOR - ok 10:54:43.0822 0x140c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:54:43.0822 0x140c usbuhci - ok 10:54:43.0838 0x140c [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 10:54:43.0853 0x140c usbvideo - ok 10:54:43.0853 0x140c [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 10:54:43.0869 0x140c usb_rndisx - ok 10:54:43.0869 0x140c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 10:54:43.0900 0x140c UxSms - ok 10:54:43.0900 0x140c [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc C:\Windows\system32\lsass.exe 10:54:43.0916 0x140c VaultSvc - ok 
10:54:43.0931 0x140c [ D6C1F7B354C49A248BD897D4B7BA3C37, 90C9E8BED1AEB314636A7BC86E26E484EADE53C744D2E8A7A316459709760A5E ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys 10:54:43.0962 0x140c VBoxDrv - ok 10:54:43.0978 0x140c [ 95717FCA60876284568B5CD476A59C41, 9A360985F072448A89890ACC5DD2155DDA0FD1EC2FFAC4697F0CFE60548CC980 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 10:54:43.0994 0x140c VBoxNetAdp - ok 10:54:43.0994 0x140c [ 15C038D331E2497DF81926A379D87FEC, C56208F4F6D1FD2E6CB6ECB6B258ABE71B22CC07136258C623FE42676E6F26AF ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 10:54:44.0009 0x140c VBoxNetFlt - ok 10:54:44.0009 0x140c [ 93B031F740A2E1BB8B6C713DD09A897F, 22AF911DD4C1C1E256F0CA086CF32F222E1040056C859A2E97AA1D39A0A4B0AB ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 10:54:44.0040 0x140c VBoxUSBMon - ok 10:54:44.0040 0x140c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:54:44.0056 0x140c vdrvroot - ok 10:54:44.0056 0x140c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 10:54:44.0103 0x140c vds - ok 10:54:44.0103 0x140c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:54:44.0118 0x140c vga - ok 10:54:44.0134 0x140c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 10:54:44.0150 0x140c VgaSave - ok 10:54:44.0165 0x140c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:54:44.0181 0x140c vhdmp - ok 10:54:44.0181 0x140c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide 
C:\Windows\system32\drivers\viaide.sys 10:54:44.0196 0x140c viaide - ok 10:54:44.0196 0x140c [ D07589E4434BD14E192ACED6C398B0CB, 08E15EBB91CCC67175614EA814DDD0A4864934358E06AC4718EE12BFC4D2B9AE ] VMAuthdService C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe 10:54:44.0212 0x140c VMAuthdService - ok 10:54:44.0212 0x140c [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 10:54:44.0243 0x140c vmbus - ok 10:54:44.0243 0x140c [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 10:54:44.0259 0x140c VMBusHID - ok 10:54:44.0259 0x140c [ BE8E5E5D53ACF71D4E8E686B68C99B04, 4F30A360095FCB2627068FA6A65A951688058E8FDDF5CE895E2AE39500A413B1 ] vmci C:\Windows\system32\DRIVERS\vmci.sys 10:54:44.0274 0x140c vmci - ok 10:54:44.0274 0x140c [ C3775FAA7CA359E9512DEDFF54DE7C1C, F47226459EB55FDFD7201B9D7389F118609E9298B5D1087662FA3484DAB19068 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys 10:54:44.0290 0x140c vmkbd - ok 10:54:44.0290 0x140c [ 18AA5F4A3B1204AD00045EE5AD39BCDB, 0211A8E94F169A2A52CD39CD580293907EBE104E52038DC36B988DE1CA7F2392 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys 10:54:44.0306 0x140c VMnetAdapter - ok 10:54:44.0306 0x140c [ 04CD4347CD9E8C40F78AD51F7FF426D0, BCA3E593E118BCA30142B23CD1CBE6905442D31C3DEB4C71B06D721E601F7BD8 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys 10:54:44.0321 0x140c VMnetBridge - ok 10:54:44.0321 0x140c VMnetDHCP - ok 10:54:44.0321 0x140c [ 50160AC31D1820C10BEE0D26707298E0, B59CB319503D3BFFAAD4B019E8EF19D0FEA62E2D29D4CC5B3C0E647A86390E7A ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys 10:54:44.0337 0x140c VMnetuserif - ok 10:54:44.0352 0x140c [ 41FAE6618768DC93D98DDAF3F8282D3E, 95995542026CC111B8FFAA01AC9E55B2F942A9108F5F00502A35339C13BBF20D ] VMUSBArbService C:\Program Files (x86)\Common 
Files\VMware\USB\vmware-usbarbitrator64.exe 10:54:44.0384 0x140c VMUSBArbService - ok 10:54:44.0384 0x140c VMware NAT Service - ok 10:54:44.0384 0x140c [ 11CAB5305913D3510854A2BD6D5ED1FB, EDD1909820CAB0EDF0BA52CB685F2D33F5162415DAD3F369A06E2D88F8102393 ] vmx86 C:\Windows\system32\drivers\vmx86.sys 10:54:44.0399 0x140c vmx86 - ok 10:54:44.0399 0x140c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:54:44.0415 0x140c volmgr - ok 10:54:44.0430 0x140c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:54:44.0446 0x140c volmgrx - ok 10:54:44.0462 0x140c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:54:44.0477 0x140c volsnap - ok 10:54:44.0477 0x140c [ ED1F4BDF68C649C6F79A02502BB6C9BC, 3D2830822D4A2C7B3676100B27DEC7B1C2EF640DA36C6543365A9CF2A61BF68E ] VsEtwService120 C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe 10:54:44.0493 0x140c VsEtwService120 - ok 10:54:44.0508 0x140c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 10:54:44.0524 0x140c vsmraid - ok 10:54:44.0524 0x140c [ CB4D2E3C5E8BFA3CF6AFFF6DDC6CC70D, 32A891045AF36FEAC62373894B98ABDCEA437978BDE027169C22EBC2C72D586E ] vsock C:\Windows\system32\drivers\vsock.sys 10:54:44.0540 0x140c vsock - ok 10:54:44.0571 0x140c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 10:54:44.0633 0x140c VSS - ok 10:54:44.0649 0x140c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 
10:54:44.0664 0x140c vwifibus - ok 10:54:44.0664 0x140c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 10:54:44.0680 0x140c vwififlt - ok 10:54:44.0680 0x140c [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 10:54:44.0696 0x140c vwifimp - ok 10:54:44.0711 0x140c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 10:54:44.0758 0x140c W32Time - ok 10:54:44.0774 0x140c [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 10:54:44.0805 0x140c W3SVC - ok 10:54:44.0805 0x140c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 10:54:44.0820 0x140c WacomPen - ok 10:54:44.0820 0x140c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:54:44.0852 0x140c WANARP - ok 10:54:44.0852 0x140c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:54:44.0883 0x140c Wanarpv6 - ok 10:54:44.0898 0x140c [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 10:54:44.0914 0x140c WAS - ok 10:54:44.0945 0x140c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 10:54:44.0992 0x140c wbengine - ok 10:54:45.0008 0x140c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] 
WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:54:45.0023 0x140c WbioSrvc - ok 10:54:45.0039 0x140c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:54:45.0070 0x140c wcncsvc - ok 10:54:45.0070 0x140c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:54:45.0086 0x140c WcsPlugInService - ok 10:54:45.0086 0x140c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 10:54:45.0101 0x140c Wd - ok 10:54:45.0117 0x140c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:54:45.0164 0x140c Wdf01000 - ok 10:54:45.0164 0x140c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:54:45.0179 0x140c WdiServiceHost - ok 10:54:45.0179 0x140c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:54:45.0195 0x140c WdiSystemHost - ok 10:54:45.0195 0x140c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 10:54:45.0226 0x140c WebClient - ok 10:54:45.0226 0x140c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:54:45.0273 0x140c Wecsvc - ok 10:54:45.0273 0x140c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:54:45.0304 0x140c wercplsupport - ok 10:54:45.0304 0x140c [ 6D137963730144698CBD10F202E9F251, 
A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 10:54:45.0335 0x140c WerSvc - ok 10:54:45.0335 0x140c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 10:54:45.0366 0x140c WfpLwf - ok 10:54:45.0366 0x140c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:54:45.0382 0x140c WIMMount - ok 10:54:45.0382 0x140c WinDefend - ok 10:54:45.0398 0x140c WinHttpAutoProxySvc - ok 10:54:45.0398 0x140c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:54:45.0444 0x140c Winmgmt - ok 10:54:45.0476 0x140c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 10:54:45.0554 0x140c WinRM - ok 10:54:45.0554 0x140c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 10:54:45.0569 0x140c WinUsb - ok 10:54:45.0600 0x140c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 10:54:45.0632 0x140c Wlansvc - ok 10:54:45.0632 0x140c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 10:54:45.0647 0x140c WmiAcpi - ok 10:54:45.0663 0x140c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:54:45.0678 0x140c wmiApSrv - ok 10:54:45.0678 0x140c WMPNetworkSvc - ok 10:54:45.0678 0x140c [ B5BD872122A2CE82D196ABF2D5D8D80A, 
06FD527BA98261905DF6C1D752843DE45987D776EAA075EBBFCFCA4652D6664A ] WMSVC C:\Windows\system32\inetsrv\wmsvc.exe 10:54:45.0694 0x140c WMSVC - ok 10:54:45.0694 0x140c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:54:45.0710 0x140c WPCSvc - ok 10:54:45.0725 0x140c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:54:45.0741 0x140c WPDBusEnum - ok 10:54:45.0741 0x140c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:54:45.0772 0x140c ws2ifsl - ok 10:54:45.0772 0x140c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 10:54:45.0788 0x140c wscsvc - ok 10:54:45.0803 0x140c WSearch - ok 10:54:45.0850 0x140c [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll 10:54:45.0928 0x140c wuauserv - ok 10:54:45.0944 0x140c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:54:45.0944 0x140c WudfPf - ok 10:54:45.0959 0x140c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys 10:54:45.0975 0x140c WUDFRd - ok 10:54:45.0975 0x140c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:54:45.0990 0x140c wudfsvc - ok 10:54:46.0006 0x140c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 10:54:46.0022 0x140c WwanSvc - ok 10:54:46.0053 
0x140c [ 7EB06617A7F2F280D58CF62776FDDDC2, F994D0F837E65141EBFCA673DC15ACEDFDBB999E032F59079308E0F81726BD47 ] ZcfgSvc7 C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe 10:54:46.0100 0x140c ZcfgSvc7 - ok 10:54:46.0115 0x140c ================ Scan global =============================== 10:54:46.0115 0x140c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 10:54:46.0131 0x140c [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 10:54:46.0146 0x140c [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 10:54:46.0146 0x140c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 10:54:46.0162 0x140c [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 10:54:46.0178 0x140c [ Global ] - ok 10:54:46.0178 0x140c ================ Scan MBR ================================== 10:54:46.0178 0x140c [ EA923EB0EC0060F1451E9AD7B5762CFE ] \Device\Harddisk0\DR0 10:54:46.0209 0x140c \Device\Harddisk0\DR0 - ok 10:54:46.0209 0x140c ================ Scan VBR ================================== 10:54:46.0209 0x140c [ 767BE6D2073F9D4064C814405503A876 ] \Device\Harddisk0\DR0\Partition1 10:54:46.0209 0x140c \Device\Harddisk0\DR0\Partition1 - ok 10:54:46.0209 0x140c [ D419F3238E0AC4D422EC4BB8883A086E ] \Device\Harddisk0\DR0\Partition2 10:54:46.0209 0x140c \Device\Harddisk0\DR0\Partition2 - ok 10:54:46.0209 0x140c ================ Scan generic autorun ====================== 10:54:46.0349 0x140c [ 29A1AA60BEB49F0D270817F138618647, 0581DEB23E721938F96D8DD3BCAF2E83E0B35E7A36821CE9C216CFF1B578A849 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe 10:54:46.0490 0x140c RTHDVCPL - ok 10:54:46.0552 0x140c 
[ 495B01F44E917CCDF79005CC0EC56F5A, F9FE6E5EC0C40B8877F846568BA4DC23EEBCC0CCA1F43364C65079F7B77F19F9 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 10:54:46.0599 0x140c RtHDVBg - ok 10:54:46.0614 0x140c SynTPEnh - ok 10:54:46.0708 0x140c [ 2C3FB0759319FE11AC5940E8C2F037CE, 8C44CFD0E47207D62B3746438280A648BAD7A0779AEE6E73E6EFDD213BD51F63 ] C:\Program Files\Dell\QuickSet\QuickSet.exe 10:54:46.0817 0x140c QuickSet - detected UnsignedFile.Multi.Generic ( 1 ) 10:54:49.0719 0x140c Detect skipped due to KSN trusted 10:54:49.0719 0x140c QuickSet - ok 10:54:49.0734 0x140c [ 774DB458ADE586B56BBC8E61D974C52A, 93F9FED7D07BBAA9C45AEB8F38AAD6EE3AACA32D982A2A0DE072D86E12DF7125 ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe 10:54:49.0734 0x140c BLEServicesCtrl - ok 10:54:49.0734 0x140c BTMTrayAgent - ok 10:54:49.0750 0x140c [ 844A67882C52C717A9A393FC93AB7C9D, FE0249C967D2E38AF4D29FF61FAE7D05A79A8C413B785605F993667FD3249412 ] C:\Windows\system32\igfxtray.exe 10:54:49.0750 0x140c IgfxTray - ok 10:54:49.0766 0x140c [ AD0119DF1702BE01FE74C1E5980B3E8B, 8ED3E7797F482796100DBE5E9A425F8DB07EE8F15E874D99954DFD15375C5F25 ] C:\Windows\system32\hkcmd.exe 10:54:49.0781 0x140c HotKeysCmds - ok 10:54:49.0797 0x140c [ FC1C7A950FAFF5536889ED6F03AC8DAF, 9DFC82BDEBA803C446CAE21ECCF825663C40EF3A571F2CD0AE24B3238EB23E30 ] C:\Windows\system32\igfxpers.exe 10:54:49.0812 0x140c Persistence - ok 10:54:49.0859 0x140c [ 522E613FAE006005515F89F122358221, 3D33595D2A9D369966E859583854B0ACA5CC3ECB7F29DA7955FCE4DB0E2F25A9 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 10:54:49.0906 0x140c NvBackend - ok 10:54:49.0922 0x140c [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe 10:54:49.0922 0x140c ShadowPlay - ok 10:54:49.0953 0x140c [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 
10:54:49.0968 0x140c avgnt - ok 10:54:50.0000 0x140c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 10:54:50.0062 0x140c Sidebar - ok 10:54:50.0062 0x140c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 10:54:50.0093 0x140c mctadmin - ok 10:54:50.0109 0x140c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 10:54:50.0140 0x140c Sidebar - ok 10:54:50.0156 0x140c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 10:54:50.0156 0x140c mctadmin - ok 10:54:50.0187 0x140c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 10:54:50.0218 0x140c Sidebar - ok 10:54:50.0234 0x140c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 10:54:50.0234 0x140c mctadmin - ok 10:54:50.0265 0x140c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 10:54:50.0296 0x140c Sidebar - ok 10:54:50.0312 0x140c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 10:54:50.0327 0x140c mctadmin - ok 10:54:50.0343 0x140c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 10:54:50.0374 0x140c Sidebar - ok 10:54:50.0390 0x140c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] 
C:\Windows\System32\mctadmin.exe
10:54:50.0405 0x140c mctadmin - ok
10:54:50.0405 0x140c Waiting for KSN requests completion. In queue: 199
10:54:51.0419 0x140c Waiting for KSN requests completion. In queue: 199
10:54:52.0433 0x140c Waiting for KSN requests completion. In queue: 199
10:54:53.0463 0x140c AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x40000 ( disabled : updated )
10:54:53.0478 0x140c Win FW state via NFP2: enabled
10:54:56.0304 0x140c ============================================================
10:54:56.0304 0x140c Scan finished
10:54:56.0304 0x140c ============================================================
10:54:56.0304 0x1c64 Detected object count: 0
10:54:56.0304 0x1c64 Actual detected object count: 0
You were just so fast that your reply arrived before my logs were up |
24.05.2015, 10:01 | #8 |
/// TB-Ausbilder | Telekom letter Zeus/Zbot Hi, you have at least one piece of illegal/cracked software on your computer: Adobe Photoshop CS5 / Adobe Premiere Elements 9 Reading material: Illegal software: cracks, keygens and co. Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up your data and reinstalling the operating system. |
24.05.2015, 10:57 | #9 |
| Telekom letter Zeus/Zbot Premiere Elements 9 was included in the software bundle from Dell; I bought Photoshop from a friend, but I can remove it temporarily if that is necessary. Sooo, to avoid misunderstandings I have now simply uninstalled all of the Adobe software. Are logs needed as proof? If so, which ones? Regards. Log from FRST after removing the software (I removed some more, it was time for a clean-up.) Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Michael (administrator) on MICHAEL-LAPTOP on 24-05-2015 11:51:26
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 (Available Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM-x32\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-10-18] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172016 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399856 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [442352 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2014-01-23] ((주)마크애니)
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: E - E:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {233f92e5-4f25-11e3-a1ba-4ceb424e2b21} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {58fdc2f7-67d4-11e3-a298-4ceb424e2b21} - E:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {5cd36e32-34d7-11e3-897d-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {5f7174cc-34db-11e3-885c-806e6f6e6963} - D:\wubi.exe
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\...\MountPoints2: {bd8fa51f-a0d6-11e3-9f05-4ceb424e2b21} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166616 2014-09-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146528 2014-09-10] (NVIDIA Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1041102655-3613075563-312560558-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1041102655-3613075563-312560558-1000 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-01-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\abs@avira.com [2015-04-29]
FF Extension: Selenium IDE: C# Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\csharpformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: Firebug - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-11]
FF Extension: Selenium IDE: Java Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\javaformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: Selenium IDE: Python Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\pythonformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\rubyformatters@seleniumhq.org.xpi [2014-02-18]
FF Extension: ProxTube - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-29]
FF Extension: Selenium IDE - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2014-02-18]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-14]
FF Extension: Fox!Box - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9wr46jyi.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2013-10-27]

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-24]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-08]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-19]
CHR Extension: (Avira Browser Safety) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-20]
CHR Extension: (Bookmark Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-24]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) []
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18955552 2014-07-24] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) []
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
S4 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [994064 2011-09-15] (Intel(R) Corporation)
S2 HitmanPro37CrusaderBoot; "F:\HitmanPro_x64 (1).exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-18] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300352 2014-09-10] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S3 US800_01; C:\Windows\System32\DRIVERS\US800Wdm.sys [36440 2011-01-08] ()
S3 US800_AA; C:\Windows\System32\DRIVERS\US800Drv.sys [90200 2011-01-08] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 15:59 - 2015-05-10 22:16 - 00000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2015-06-07 09:38 - 2015-06-07 09:39 - 00524288 _____ (Simon Tatham) C:\Users\Michael\Desktop\putty.exe
2015-06-06 17:11 - 2015-06-06 17:11 - 00689051 _____ () C:\Users\Michael\Documents\VisualBoyAdvance-1.8.0-beta3.zip
2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D () C:\Users\Michael\Desktop\gbx
2015-06-06 17:09 - 2015-06-06 17:09 - 00303558 _____ () C:\Users\Michael\Documents\Zelda - Links Awakening (D).zip
2015-05-24 11:10 - 2015-05-24 11:10 - 00000000 ____D () C:\Windows\SysWOW64\syncdb
2015-05-24 10:51 - 2015-05-24 10:51 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Downloads\tdsskiller.exe
2015-05-23 17:52 - 2015-05-23 17:52 - 00001209 _____ () C:\Users\Michael\Desktop\mbam.txt
2015-05-23 17:47 - 2015-05-23 17:47 - 00117220 _____ () C:\Users\Michael\Desktop\gmer.txt
2015-05-23 17:25 - 2015-05-23 17:25 - 00380416 _____ () C:\Users\Michael\Desktop\oxqoiqu8.exe
2015-05-23 17:21 - 2015-05-23 17:24 - 00073028 _____ () C:\Users\Michael\Desktop\Addition.txt
2015-05-23 17:20 - 2015-05-24 11:51 - 00028418 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-05-23 17:20 - 2015-05-24 11:51 - 00000000 ____D () C:\FRST
2015-05-23 17:19 - 2015-05-23 17:19 - 02108416 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-05-23 17:18 - 2015-05-23 17:18 - 00050477 _____ () C:\Users\Michael\Documents\Defogger.exe
2015-05-23 17:18 - 2015-05-23 17:18 - 00000546 _____ () C:\Users\Michael\Desktop\defogger_disable.log
2015-05-23 17:18 - 2015-05-23 17:18 - 00000168 _____ () C:\Users\Michael\defogger_reenable
2015-05-23 16:46 - 2015-05-23 16:46 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-05-23 16:46 - 2015-05-23 16:46 - 00004908 _____ () C:\Windows\system32\.crusader
2015-05-23 16:37 - 2015-05-23 16:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-19 00:43 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 00:43 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 23:41 - 2015-05-18 23:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 23:01 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 23:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 23:01 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 23:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 23:01 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 23:01 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-18 23:01 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-18 23:01 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-18 23:01 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 23:01 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 23:01 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-18 23:01 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 23:01 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-18 23:01 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-18 23:01 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-18 23:01 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 23:01 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 23:01 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-18 23:01 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-18 23:01 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-18 23:01 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 23:01 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-18 23:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-18 23:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 23:01 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-18 23:01 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-18 23:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 23:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-18 23:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-18 23:01 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 23:01 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-18 23:01 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 23:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-18 23:01 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 23:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 23:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-18 23:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-18 23:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-18 23:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 23:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-18 23:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-18 23:01 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 23:01 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 23:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-18 23:01 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-18 23:01 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 23:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-18 23:01 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 23:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-18 23:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 23:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 23:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 23:01 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 23:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 23:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 23:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-18 23:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 23:01 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 23:01 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 23:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 23:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 23:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 23:01 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 23:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 23:00 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 22:59 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-18 22:59 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-18 22:59 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-18 22:59 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-18 22:59 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) 
C:\Windows\system32\sechost.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-18 22:59 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-18 22:59 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-18 22:59 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-18 22:59 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-18 
22:59 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-18 22:59 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-18 22:59 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-18 22:59 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-18 22:59 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-18 22:59 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-18 22:59 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-18 22:59 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00040448 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-18 22:59 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-18 22:59 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-18 22:59 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-18 22:59 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-18 22:59 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-18 22:59 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-18 22:59 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-18 22:59 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-18 22:59 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-18 22:59 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-18 22:59 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-18 22:59 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-18 22:59 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-18 22:59 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-18 22:59 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-18 22:59 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-18 22:59 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys 2015-05-18 22:59 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-18 22:59 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-18 22:59 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-18 22:59 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-18 22:59 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-18 22:59 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-18 22:59 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-18 22:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-18 22:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-18 22:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-18 22:59 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-18 22:59 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-18 22:59 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-18 22:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-03 13:50 - 2015-05-03 13:50 - 00000000 __SHD () C:\found.000 2015-04-29 21:46 - 2015-04-29 21:52 - 136308332 _____ () C:\Users\Michael\Documents\ClappLend_MicrosoftAvi_720x480.avi 2015-04-29 21:43 - 2015-04-29 21:44 - 102627328 _____ () C:\Users\Michael\Documents\ClappLend720p25.mpg 2015-04-29 20:59 - 2015-04-29 21:02 - 438235520 _____ () C:\Users\Michael\Documents\ClappLendH264_1080i25.m2t 2015-04-29 20:59 - 2015-04-29 21:02 - 
00106196 _____ () C:\Users\Michael\Documents\ClappLendH264_1080i25.m2t.xmpses 2015-04-29 19:30 - 2015-04-29 19:33 - 438235520 _____ () C:\Users\Michael\Documents\Unbenannt.m2t 2015-04-29 19:30 - 2015-04-29 19:33 - 00106196 _____ () C:\Users\Michael\Documents\Unbenannt.m2t.xmpses 2015-04-29 19:18 - 2015-04-29 19:18 - 00285487 _____ () C:\Users\Michael\Downloads\H264_presets.zip 2015-04-29 19:18 - 2015-04-29 19:18 - 00000000 ____D () C:\Users\Michael\Downloads\H264_presets 2015-04-29 19:11 - 2015-04-29 19:13 - 42096984 _____ (Apple Inc.) C:\Users\Michael\Downloads\QuickTimeInstaller(1).exe 2015-04-29 18:53 - 2015-04-29 18:56 - 00000000 _____ () C:\Users\Michael\Documents\Unbenannt.avi 2015-04-29 18:05 - 2015-04-29 18:06 - 608648700 _____ () C:\Users\Michael\Documents\ClappLend720x576DVPAL25.avi 2015-04-29 17:42 - 2015-04-29 17:48 - 136554112 _____ () C:\Users\Michael\Documents\ClappLend720x480MicrosoftAvi.avi 2015-04-29 11:47 - 2015-04-29 11:48 - 42096984 _____ (Apple Inc.) C:\Users\Michael\Downloads\QuickTimeInstaller.exe 2015-04-29 11:43 - 2015-04-29 11:45 - 25716682 _____ () C:\Users\Michael\Documents\ClappLend720x480avi2997.avi 2015-04-28 22:42 - 2015-04-28 22:43 - 103688192 _____ () C:\Users\Michael\Documents\Preview.mpg 2015-04-28 22:07 - 2015-04-28 22:08 - 103694336 _____ () C:\Users\Michael\Documents\OhneLogoTausch.mpg 2015-04-28 18:40 - 2015-04-28 18:40 - 00000000 ____D () C:\Users\Michael\Documents\Promovideo 2015-04-28 18:29 - 2015-04-28 18:30 - 101259264 _____ () C:\Users\Michael\Documents\Unbenannt.mpg ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-07 12:14 - 2014-03-10 17:55 - 00001029 _____ () C:\Users\Michael\Desktop\Dropbox.lnk 2015-06-07 12:14 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-24 11:32 - 2014-05-13 02:29 - 00000000 ____D () C:\Program Files (x86)\Warcraft III 2015-05-24 11:31 - 2014-03-08 11:38 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Samsung 2015-05-24 11:31 - 2014-03-08 11:33 - 00000000 ____D () C:\ProgramData\Samsung 2015-05-24 11:31 - 2014-03-08 11:33 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-05-24 11:31 - 2013-10-14 15:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-24 11:30 - 2015-01-25 20:57 - 00000000 ____D () C:\Program Files (x86)\Compona 2015-05-24 11:22 - 2013-10-14 17:58 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-05-24 11:18 - 2014-07-24 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Canon 2015-05-24 11:09 - 2013-10-14 18:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-24 11:09 - 2013-10-14 17:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Adobe 2015-05-24 11:07 - 2014-01-24 14:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-24 11:07 - 2013-10-14 17:58 - 00000000 ____D () C:\ProgramData\Adobe 2015-05-24 10:28 - 2013-10-14 17:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe 2015-05-24 10:26 - 2009-07-14 06:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-24 10:26 - 2009-07-14 06:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-24 10:22 - 2013-10-14 15:51 - 01730584 _____ () C:\Windows\WindowsUpdate.log 2015-05-24 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv 2015-05-24 10:19 - 2014-01-06 12:32 - 00000550 _____ () C:\Windows\Tasks\MATLAB 
R2013b Startup Accelerator.job 2015-05-24 10:18 - 2014-04-29 21:51 - 00000000 ____D () C:\ProgramData\VMware 2015-05-24 10:18 - 2014-03-10 17:55 - 00000000 ___RD () C:\Users\Michael\Dropbox 2015-05-24 10:18 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox 2015-05-24 10:18 - 2014-01-24 14:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-24 10:18 - 2013-11-05 17:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\TSVNCache 2015-05-24 10:18 - 2013-10-14 16:08 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-05-24 10:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-24 10:18 - 2009-07-14 06:51 - 00029630 _____ () C:\Windows\setupact.log 2015-05-23 17:51 - 2014-06-10 10:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-23 17:18 - 2013-10-14 15:51 - 00000000 ____D () C:\Users\Michael 2015-05-23 17:04 - 2015-01-20 08:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-23 17:04 - 2014-06-10 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-23 17:04 - 2014-06-10 10:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-23 15:47 - 2013-10-14 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-22 11:12 - 2013-10-14 23:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype 2015-05-22 10:09 - 2014-01-24 14:10 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-21 19:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-21 18:30 - 2013-10-14 23:40 - 00000000 ____D () C:\ProgramData\Skype 2015-05-21 09:49 - 2015-04-06 23:08 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-05-21 09:49 - 2015-04-06 23:08 - 00000000 ___SD () C:\Windows\system32\GWX 2015-05-19 07:38 - 2009-07-14 06:45 - 04892952 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-19 07:37 
- 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-19 07:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-19 00:51 - 2013-10-29 02:26 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-19 00:51 - 2013-10-15 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-19 00:44 - 2013-10-29 02:26 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-19 00:43 - 2013-11-10 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-19 00:42 - 2013-11-10 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-19 00:42 - 2013-11-10 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-18 23:02 - 2014-01-24 14:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 23:02 - 2014-01-24 14:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-10 22:55 - 2015-04-02 18:48 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\aacs 2015-05-05 11:16 - 2013-10-14 16:49 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-05 11:16 - 2013-10-14 16:49 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-05 11:16 - 2013-10-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-29 21:21 - 2013-10-15 10:49 - 00035997 _____ () C:\Windows\system32\DICoInst64.log 2015-04-28 18:36 - 2013-10-14 18:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc ==================== Files in the root of some directories ======= 2013-11-22 14:02 - 2013-11-22 14:02 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs 2014-06-20 11:31 - 2014-08-19 12:16 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs 2013-12-03 09:52 - 2013-12-03 09:52 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\pref.ga 2014-03-05 13:42 - 2014-05-28 12:06 - 0005120 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-07 15:59 - 2015-05-10 22:16 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2015-04-02 18:36 - 2015-04-02 18:36 - 0001829 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel 2013-10-14 18:27 - 2014-11-09 20:20 - 0007660 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Michael\AppData\Local\Temp\avgnt.exe C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxvkr8y.dll C:\Users\Michael\AppData\Local\Temp\GLF10B5.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFA99D.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFCA05.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFD702.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFDA0F.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLFF107.tmp.exe C:\Users\Michael\AppData\Local\Temp\JavaRa.exe C:\Users\Michael\AppData\Local\Temp\jli.dll C:\Users\Michael\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-i586.exe
C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-x64.exe
C:\Users\Michael\AppData\Local\Temp\msvcr100.dll
C:\Users\Michael\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\Michael\AppData\Local\Temp\node.exe
C:\Users\Michael\AppData\Local\Temp\ose00000.exe
C:\Users\Michael\AppData\Local\Temp\SIntf16.dll
C:\Users\Michael\AppData\Local\Temp\SIntf32.dll
C:\Users\Michael\AppData\Local\Temp\SIntfNT.dll
C:\Users\Michael\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-06 01:54

==================== End of log ============================

Last edited by rootofallevi (24.05.2015 at 10:24) |
24.05.2015, 11:03 | #10 |
/// TB-Ausbilder | Telekom letter Zeus/Zbot
So far I don't see any Zeus on this machine (Win 7). Just a few other remnants, which we will still remove.
We'll remove the last remnants and check everything once more. ESET can take a long time (> 2 h). Afterwards we'll remove all the tools we used and I'll give you a few tips to take with you.
Step 1
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\system32\Drivers\etc\hosts
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
Hosts:
RemoveProxy:
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Please post with your next reply
|
24.05.2015, 12:10 | #11 |
| Telekom letter Zeus/Zbot
While ESET is running on the laptop, can I already run FRST and TDSS on the other machines and post the logs? Or what is the further procedure for the other machines?
Can one of my Lubuntu systems actually be infected by this malware as well, or does this malware exist exclusively on Windows systems?
Oh, and many, many thanks for the help
Last edited by rootofallevi (24.05.2015 at 12:15) |
24.05.2015, 12:43 | #12 |
/// TB Trainer | Telekom letter Zeus/Zbot Hi, the malware is not on Ubuntu. Sure, you can run FRST and TDSS-Killer on your Windows 8 machine, but please always use separate posts for the two topics so that we don't get mixed up. |
24.05.2015, 13:00 | #13 |
| Telekom letter Zeus/Zbot OK, great, then I'll get started. I'll begin with my desktop (Win 8.1): FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 Ran by Michael (administrator) on BLACKTOWER on 24-05-2015 13:31:19 Running from C:\Users\Michael\Desktop Loaded Profiles: Michael (Available Profiles: Michael) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe () C:\Windows\System32\US800Pan.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation) HKLM\...\Run: [US800Pane] => C:\Windows\system32\US800Pan.exe [1796696 2015-04-12] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1261568 2007-06-06] (Analog Devices, Inc.) HKLM-x32\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3440640 2007-06-06] (Analog Devices, Inc.) 
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation) HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\...\MountPoints2: {585dddbe-aadf-11e4-8250-001a92dae90a} - "G:\pushinst.exe" Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Touchpad Server.lnk [2015-02-03] ShortcutTarget: Touchpad Server.lnk -> C:\Program Files (x86)\Things & Stuff\Touchpad Server\TouchpadServer.exe (Things & Stuff) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-02-09] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-09] (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-17] (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-09] (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7bfq37mz.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-28] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-28] () FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-01-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) 
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7bfq37mz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-09] Chrome: ======= CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09] CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09] CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09] CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09] CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-10] CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-09] CHR Extension: (Avast SafePrice) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-16] CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09] CHR Extension: (Bookmark Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28] CHR Extension: (Avast Online Security) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-09] 
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17] CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09] CHR Extension: (ScriptSafe) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-02-10] CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-09] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-09] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-09] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [89088 2007-06-07] (Andrea Electronics Corporation) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-09] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-09] (Avast Software) S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-09] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-09] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-09] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2015-02-02] () R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation ) R3 SaiK0728; C:\Windows\system32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek) R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc) R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc) S3 US800_01; C:\Windows\system32\DRIVERS\US800Wdm.sys [36440 2015-04-12] () S3 US800_AA; C:\Windows\system32\DRIVERS\US800Drv.sys [90200 2015-04-12] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-09] (Avast Software) S3 WdNisDrv; 
C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-24 13:31 - 2015-05-24 13:31 - 00013429 _____ () C:\Users\Michael\Desktop\FRST.txt 2015-05-24 13:31 - 2015-05-24 13:31 - 00000000 ____D () C:\FRST 2015-05-24 13:15 - 2015-05-24 13:17 - 02108416 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2015-05-23 17:02 - 2015-05-23 17:02 - 00002047 _____ () C:\Users\Michael\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-05-23 17:02 - 2015-05-23 17:02 - 00001991 _____ () C:\Users\Michael\Desktop\Avira EU-Cleaner.lnk 2015-05-23 15:49 - 2015-05-23 15:49 - 00000000 ____D () C:\Program Files\HitmanPro 2015-05-23 15:42 - 2015-05-23 17:02 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-05-19 16:05 - 2015-05-19 16:06 - 00000197 _____ () C:\Windows\system32\2015-05-19-14-05-43.080-AvastVBoxSVC.exe-1640.log 2015-05-19 15:56 - 2015-05-19 15:56 - 00000197 _____ () C:\Windows\system32\2015-05-19-13-56-34.011-AvastVBoxSVC.exe-2428.log 2015-05-18 17:26 - 2015-05-18 17:26 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0917eff72797b.job 2015-05-09 20:17 - 2015-05-09 20:17 - 00000000 ___RD () C:\Users\Michael\OneDrive 2015-04-28 14:27 - 2015-04-28 14:27 - 00279760 _____ () C:\Windows\Minidump\042815-23703-01.dmp 2015-04-28 14:07 - 2015-04-28 14:07 - 00279760 _____ () C:\Windows\Minidump\042815-19859-01.dmp 2015-04-28 10:39 - 2015-04-28 10:39 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-39-38.035-AvastVBoxSVC.exe-2352.log 2015-04-28 10:32 - 2015-05-09 20:17 - 00000000 ___RD () C:\Users\Michael\OneDrive (5).old 2015-04-28 10:24 - 2015-04-28 10:24 - 00000197 _____ () 
C:\Windows\system32\2015-04-28-08-24-32.022-AvastVBoxSVC.exe-2400.log 2015-04-28 10:19 - 2015-04-28 10:32 - 00000000 ___RD () C:\Users\Michael\OneDrive (4).old 2015-04-28 10:19 - 2015-04-28 10:19 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-19-26.095-AvastVBoxSVC.exe-2372.log 2015-04-28 10:11 - 2015-04-28 10:11 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-11-53.013-AvastVBoxSVC.exe-2384.log 2015-04-28 10:10 - 2015-04-28 10:10 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-04-25 21:32 - 2015-04-25 21:48 - 00000000 ____D () C:\os161 2015-04-25 21:28 - 2015-04-26 01:25 - 00000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2015-04-25 17:55 - 2015-04-25 17:55 - 00000197 _____ () C:\Windows\system32\2015-04-25-15-55-09.029-AvastVBoxSVC.exe-2388.log 2015-04-25 17:51 - 2015-04-25 17:51 - 00000197 _____ () C:\Windows\system32\2015-04-25-15-51-05.037-AvastVBoxSVC.exe-2384.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-24 13:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-05-23 17:08 - 2015-02-09 20:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-23 17:06 - 2015-02-09 20:51 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-23 17:06 - 2015-02-09 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-23 17:06 - 2015-02-09 20:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-23 15:47 - 2015-02-02 14:54 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-23 15:47 - 2013-08-23 01:24 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2015-05-23 15:47 - 2013-08-23 01:24 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-05-23 15:32 - 2015-04-12 10:38 - 00064346 _____ () C:\Windows\system32\DICoInst64.log 2015-05-23 15:32 - 2015-02-02 16:30 - 00647236 _____ () C:\Windows\avmfwlanci.log 2015-05-23 15:32 - 2015-02-01 19:07 - 01074270 _____ () C:\Windows\WindowsUpdate.log 2015-05-23 15:27 - 2015-02-09 20:48 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-23 15:25 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-05-23 15:13 - 2015-04-12 10:38 - 00131214 _____ () C:\Windows\system32\DICoInst64.bak 2015-05-23 15:13 - 2015-02-10 17:26 - 00000000 ___DO () C:\Users\Michael\SkyDrive 2015-05-20 21:48 - 2015-02-16 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-20 21:48 - 2015-02-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-19 16:07 - 2015-02-09 20:44 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-19 16:07 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-19 16:03 - 2013-08-22 16:46 - 00028481 _____ () C:\Windows\setupact.log 2015-05-19 16:02 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 
2015-05-19 15:56 - 2015-02-09 20:44 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-09 20:21 - 2015-02-09 21:49 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-09 20:21 - 2015-02-09 21:49 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-09 20:17 - 2015-02-01 19:07 - 00000000 ____D () C:\Users\Michael 2015-04-29 22:05 - 2015-04-02 17:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\dvdcss 2015-04-29 22:05 - 2015-02-03 20:10 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc 2015-04-28 17:57 - 2015-02-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-04-28 14:33 - 2015-02-02 15:11 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001 2015-04-28 14:27 - 2015-02-02 16:23 - 00000000 ____D () C:\Windows\Minidump 2015-04-28 10:19 - 2015-04-13 18:48 - 00000000 ___RD () C:\Users\Michael\OneDrive (3).old 2015-04-28 10:11 - 2015-02-17 18:28 - 00003786 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-28 10:11 - 2015-02-17 18:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-28 10:09 - 2015-02-01 19:02 - 00024492 _____ () C:\Windows\PFRO.log 2015-04-25 17:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness ==================== Files in the root of some directories ======= 2015-04-25 21:28 - 2015-04-26 01:25 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2015-03-31 20:37 - 2015-03-31 20:37 - 0000218 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel 2015-02-09 21:25 - 2015-03-03 14:31 - 0007627 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Michael\AppData\Local\Temp\GLF255D.tmp.exe C:\Users\Michael\AppData\Local\Temp\GLF9770.tmp.exe C:\Users\Michael\AppData\Local\Temp\npp.6.7.4.Installer.exe C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe ==================== 
Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-10 21:36 ==================== End of log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 Ran by Michael at 2015-05-24 13:32:20 Running from C:\Users\Michael\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2705135437-1520576403-3312034090-500 - Administrator - Disabled) Gast (S-1-5-21-2705135437-1520576403-3312034090-501 - Limited - Disabled) Michael (S-1-5-21-2705135437-1520576403-3312034090-1001 - Administrator - Enabled) => C:\Users\Michael ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.8.5.1165 - Steinberg Media Technologies GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - ) IPCWebComponents 3.0.0.2 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.2 - ) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla) Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation) NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation) OpenVPN 2.3.6-I001 (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - ) Pivot Animator version 4.1.10 (HKLM-x32\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd) RollerCoaster Tycoon (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version: - ) Skype™ 7.2 
(HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6260 - Analog Devices) Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH) Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 0.64.3 - ) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Touchpad Server (HKLM-x32\...\Touchpad Server_is1) (Version: 1.3 - Things & Stuff) US800 Audio Driver (HKLM-x32\...\US800 Audio Driver Setup) (Version: - ) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 23-03-2015 12:10:07 Geplanter Prüfpunkt 30-03-2015 12:46:47 Geplanter Prüfpunkt 10-04-2015 21:36:18 Windows Update 12-04-2015 10:47:21 Windows Modules Installer 09-05-2015 20:17:54 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {091CCA98-CFD0-4668-816F-FDE30641D621} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {1588799C-4460-41C0-AA69-FF77F32E3381} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-28] (Adobe Systems Incorporated) Task: {25D3BFD7-0A4F-4BC6-B291-8B1C18A4D77B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.) Task: {44E0C120-F662-4486-92FE-F3E65B0819F1} - System32\Tasks\{F11BBD6E-B477-4B35-95EE-89F16075F125} => pcalua.exe -a E:\S3\Autorun.exe -d E:\ Task: {5AE49BDE-A780-4138-9F2D-7E9A0F4EA6C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.) Task: {5BFFBCE8-BED4-46D8-9116-9FCAC4414459} - System32\Tasks\MalwareScan => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe [2015-04-14] (Malwarebytes Corporation) Task: {7BFBE983-69DD-4525-8DE1-26DBAFFB4B65} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-09] (Microsoft Corporation) Task: {8CCEC2F7-8D00-4D80-99D1-C94B977D5B9F} - System32\Tasks\{74D79551-C8A4-4047-B788-89735DC425A5} => pcalua.exe -a "F:\Laptop SWAP\Downloads\SilI3132_SATA_V10120_Vista64bit\Sata_vista64bit\Driver\Amd64\AsusSetup.exe" -d "F:\Laptop SWAP\Downloads\SilI3132_SATA_V10120_Vista64bit\Sata_vista64bit\Driver\Amd64" Task: {9767B787-CE1C-4A13-B1BD-B7A19AC736A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {B0D8A2D7-7D68-456A-9761-E462073237E6} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-09] (AVAST Software) Task: {BA1C29FA-CAB8-462C-BAA0-7A5C76D6755C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {BE3560FE-A816-4757-B5FF-17E0EA6B513A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0917eff72797b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-02-09 20:43 - 2015-02-09 20:43 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2015-02-09 20:43 - 2015-02-09 20:43 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2011-01-08 05:44 - 2015-04-12 10:36 - 01796696 _____ () C:\Windows\System32\US800Pan.exe 2015-05-19 15:56 - 2015-05-19 15:56 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051900\algo.dll 2015-02-09 20:44 - 2015-02-09 20:44 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2015-05-20 23:08 - 2015-05-20 23:08 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15052000\algo.dll 2015-03-13 21:06 - 2015-03-13 21:06 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the 
fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Michael\OneDrive:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive (2).old:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive (3).old:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive (4).old:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive (5).old:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive.old:ms-properties AlternateDataStreams: C:\Users\Michael\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Michael\SkyDrive.old:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: MozillaMaintenance => 3 HKLM\...\StartupApproved\Run32: => "AVMWlanClient" HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\...\StartupApproved\StartupFolder: => "Touchpad Server.lnk" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [TCP Query User{AAB8A8D3-CA72-49D4-8E20-B5F79820D6DF}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [UDP Query User{7ACB1CC4-9D9A-4196-96E9-3BB7ADEFF15C}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [{0A4270A5-2AE3-40EC-B4DF-A3078AA225FA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{E88398C1-C9BB-429D-A194-C9A5D82C3EC8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [TCP Query User{8F792302-9964-4FD1-8689-8C96C290C6DD}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [UDP Query User{9939554D-8E8F-416F-8E27-EE7ECAC23FAD}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [{F930095C-CF05-4655-B911-28714319CEFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F5C5F221-2B1B-4D2D-9A7F-32373DFD30FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{EACDBECC-7E95-402B-AADF-13C3FAD92F11}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{B7D48A1B-2CA4-42EF-9DA7-7227A4759BDF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query 
User{4E89C4D8-799E-4F08-A0C6-8D49E16BC966}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D179C17E-73EA-4CC1-B480-08B9F98E175B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{14D4C7D2-5D15-4E49-9AFD-EB236DC9D5F3}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe FirewallRules: [UDP Query User{C77E243B-4DFC-47F3-BB1E-B41D9FA1C02C}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe FirewallRules: [{7FCB0EF7-2955-4FC1-99F2-C07B347486EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/24/2015 01:32:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:32:36Z. Fehlercode: 0x80040154. Error: (05/24/2015 01:32:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:32:06Z. Fehlercode: 0x80040154. Error: (05/24/2015 01:31:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:31:36Z. Fehlercode: 0x80040154. Error: (05/24/2015 01:31:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:31:06Z. Fehlercode: 0x80040154. 
Error: (05/24/2015 01:30:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:30:36Z. Fehlercode: 0x80040154. Error: (05/24/2015 01:30:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:30:06Z. Fehlercode: 0x80040154. Error: (05/24/2015 01:29:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:29:36Z. Fehlercode: 0x80040154. Error: (05/24/2015 01:29:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:29:06Z. Fehlercode: 0x80040154. Error: (05/24/2015 01:28:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:28:36Z. Fehlercode: 0x80040154. Error: (05/24/2015 01:28:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-30T11:28:06Z. Fehlercode: 0x80040154. System errors: ============= Error: (05/23/2015 05:47:09 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: ) Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. 
Error: (05/23/2015 03:34:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert. Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Anmelde-Assistent für Microsoft-Konten" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert. Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert. Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Server" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert. Error: (05/23/2015 03:32:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "IP-Hilfsdienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. 
Microsoft Office: ========================= Error: (05/24/2015 01:32:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:32:36Z Error: (05/24/2015 01:32:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:32:06Z Error: (05/24/2015 01:31:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:31:36Z Error: (05/24/2015 01:31:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:31:06Z Error: (05/24/2015 01:30:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:30:36Z Error: (05/24/2015 01:30:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:30:06Z Error: (05/24/2015 01:29:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:29:36Z Error: (05/24/2015 01:29:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:29:06Z Error: (05/24/2015 01:28:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:28:36Z Error: (05/24/2015 01:28:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-04-30T11:28:06Z ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz Percentage of memory in use: 37% Total physical RAM: 4094.55 MB Available physical RAM: 2571.03 MB Total Pagefile: 8190.55 MB Available Pagefile: 6082.21 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:68.02 GB) (Free:16.7 GB) NTFS Drive d: () 
(Fixed) (Total:698.63 GB) (Free:256.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149.1 GB) (Disk ID: E19F6F61) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=68 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=3.8 GB) - (Type=82) Partition 4: (Not Active) - (Size=76.9 GB) - (Type=83) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS) ==================== End of log ============================ |
24.05.2015, 13:00 | #14 |
| Telekom letter Zeus/Zbot TDSS log from my desktop: Code:
13:39:29.0498 0x0b5c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:39:31.0792 0x0b5c ============================================================
13:39:31.0792 0x0b5c Current date / time: 2015/05/24 13:39:31.0792
13:39:31.0792 0x0b5c SystemInfo:
13:39:31.0792 0x0b5c
13:39:31.0792 0x0b5c OS Version: 6.3.9600 ServicePack: 0.0
13:39:31.0792 0x0b5c Product type: Workstation
13:39:31.0792 0x0b5c ComputerName: BLACKTOWER
13:39:31.0793 0x0b5c UserName: Michael
13:39:31.0793 0x0b5c Windows directory: C:\Windows
13:39:31.0793 0x0b5c System windows directory: C:\Windows
13:39:31.0793 0x0b5c Running under WOW64
13:39:31.0793 0x0b5c Processor architecture: Intel x64
13:39:31.0793 0x0b5c Number of processors: 2
13:39:31.0793 0x0b5c Page size: 0x1000
13:39:31.0793 0x0b5c Boot type: Normal boot
13:39:31.0793 0x0b5c ============================================================
13:39:32.0517 0x0b5c KLMD registered as C:\Windows\system32\drivers\75673909.sys
13:39:32.0766 0x0b5c System UUID: {3D6BD311-D095-7645-115A-3EBCE90700B5}
13:39:33.0257 0x0b5c Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:39:33.0300 0x0b5c Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:39:33.0309 0x0b5c ============================================================
13:39:33.0309 0x0b5c \Device\Harddisk0\DR0:
13:39:33.0325 0x0b5c MBR partitions:
13:39:33.0325 0x0b5c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
13:39:33.0326 0x0b5c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x8809000
13:39:33.0326 0x0b5c \Device\Harddisk1\DR1:
13:39:33.0326 0x0b5c MBR partitions:
13:39:33.0326 0x0b5c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
13:39:33.0326 0x0b5c ============================================================
13:39:33.0348 0x0b5c C: <-> \Device\Harddisk0\DR0\Partition2
13:39:33.0363 0x0b5c D: <-> \Device\Harddisk1\DR1\Partition1
13:39:33.0363 0x0b5c ============================================================
13:39:33.0363 0x0b5c Initialize success
13:39:33.0363 0x0b5c ============================================================
13:39:51.0040 0x1404 ============================================================
13:39:51.0040 0x1404 Scan started
13:39:51.0040 0x1404 Mode: Manual; SigCheck; TDLFS;
13:39:51.0040 0x1404 ============================================================
13:39:51.0040 0x1404 KSN ping started
13:39:53.0458 0x1404 KSN ping finished: true
13:39:54.0710 0x1404 ================ Scan system memory ========================
13:39:54.0710 0x1404 System memory - ok
13:39:54.0711 0x1404 ================ Scan services =============================
flpydisk - ok 13:40:12.0532 0x1404 [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:40:12.0558 0x1404 FltMgr - ok 13:40:12.0645 0x1404 [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache C:\Windows\system32\FntCache.dll 13:40:12.0739 0x1404 FontCache - ok 13:40:12.0864 0x1404 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:40:12.0887 0x1404 FontCache3.0.0.0 - ok 13:40:12.0906 0x1404 [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:40:12.0921 0x1404 FsDepends - ok 13:40:12.0936 0x1404 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:40:12.0950 0x1404 Fs_Rec - ok 13:40:12.0994 0x1404 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:40:13.0044 0x1404 fvevol - ok 13:40:13.0130 0x1404 [ 444534CBA693DD23C1CC589681E01656, DF8ED7FFA66E0A88EBB58A491A177D8CEB35B08B0911D7A1F4B8865755DC27CE ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys 13:40:13.0175 0x1404 FWLANUSB - ok 13:40:13.0188 0x1404 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\Windows\System32\drivers\fxppm.sys 13:40:13.0218 0x1404 FxPPM - ok 13:40:13.0227 0x1404 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:40:13.0242 0x1404 gagp30kx - ok 13:40:13.0268 0x1404 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 
0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys 13:40:13.0297 0x1404 gencounter - ok 13:40:13.0322 0x1404 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys 13:40:13.0340 0x1404 GPIOClx0101 - ok 13:40:13.0535 0x1404 [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc C:\Windows\System32\gpsvc.dll 13:40:13.0622 0x1404 gpsvc - ok 13:40:13.0683 0x1404 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:40:13.0705 0x1404 gupdate - ok 13:40:13.0712 0x1404 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:40:13.0722 0x1404 gupdatem - ok 13:40:13.0871 0x1404 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:40:13.0916 0x1404 HdAudAddService - ok 13:40:13.0945 0x1404 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys 13:40:13.0985 0x1404 HDAudBus - ok 13:40:14.0008 0x1404 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\Windows\System32\drivers\HidBatt.sys 13:40:14.0025 0x1404 HidBatt - ok 13:40:14.0056 0x1404 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\Windows\System32\drivers\hidbth.sys 13:40:14.0123 0x1404 HidBth - ok 13:40:14.0130 0x1404 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c 
C:\Windows\System32\drivers\hidi2c.sys 13:40:14.0148 0x1404 hidi2c - ok 13:40:14.0155 0x1404 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\Windows\System32\drivers\hidir.sys 13:40:14.0183 0x1404 HidIr - ok 13:40:14.0220 0x1404 [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv C:\Windows\system32\hidserv.dll 13:40:14.0240 0x1404 hidserv - ok 13:40:14.0275 0x1404 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\Windows\System32\drivers\hidusb.sys 13:40:14.0317 0x1404 HidUsb - ok 13:40:14.0343 0x1404 [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:40:14.0367 0x1404 hkmsvc - ok 13:40:14.0387 0x1404 [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:40:14.0433 0x1404 HomeGroupListener - ok 13:40:14.0477 0x1404 [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:40:14.0533 0x1404 HomeGroupProvider - ok 13:40:14.0552 0x1404 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:40:14.0567 0x1404 HpSAMD - ok 13:40:14.0631 0x1404 [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:40:14.0694 0x1404 HTTP - ok 13:40:14.0711 0x1404 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:40:14.0724 0x1404 hwpolicy - ok 13:40:14.0729 0x1404 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, 
C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 13:40:14.0755 0x1404 hyperkbd - ok 13:40:14.0761 0x1404 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys 13:40:14.0777 0x1404 HyperVideo - ok 13:40:14.0793 0x1404 [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 13:40:14.0814 0x1404 i8042prt - ok 13:40:14.0822 0x1404 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 13:40:14.0834 0x1404 iaLPSSi_GPIO - ok 13:40:14.0853 0x1404 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys 13:40:14.0867 0x1404 iaLPSSi_I2C - ok 13:40:14.0931 0x1404 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys 13:40:14.0961 0x1404 iaStorAV - ok 13:40:14.0989 0x1404 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:40:15.0034 0x1404 iaStorV - ok 13:40:15.0039 0x1404 IEEtwCollectorService - ok 13:40:15.0227 0x1404 [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT C:\Windows\System32\ikeext.dll 13:40:15.0297 0x1404 IKEEXT - ok 13:40:15.0309 0x1404 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys 13:40:15.0322 0x1404 intelide - ok 13:40:15.0349 0x1404 [ A770340FC02B999EF0DE6C2A6BC8437C, 
214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\Windows\system32\drivers\intelpep.sys 13:40:15.0362 0x1404 intelpep - ok 13:40:15.0375 0x1404 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys 13:40:15.0404 0x1404 intelppm - ok 13:40:15.0423 0x1404 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:40:15.0445 0x1404 IpFilterDriver - ok 13:40:15.0619 0x1404 [ ACFEE9487693C2BD573DFCA71D98E17C, A347FD476147CD3568EEE6993B46AFC05A66A4269094CA51572D0FD013FCB535 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:40:15.0680 0x1404 iphlpsvc - ok 13:40:15.0716 0x1404 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 13:40:15.0751 0x1404 IPMIDRV - ok 13:40:15.0782 0x1404 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:40:15.0823 0x1404 IPNAT - ok 13:40:15.0842 0x1404 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:40:15.0861 0x1404 IRENUM - ok 13:40:15.0893 0x1404 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:40:15.0919 0x1404 isapnp - ok 13:40:15.0951 0x1404 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 13:40:15.0975 0x1404 iScsiPrt - ok 13:40:15.0990 0x1404 [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 13:40:16.0016 0x1404 
kbdclass - ok 13:40:16.0040 0x1404 [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 13:40:16.0069 0x1404 kbdhid - ok 13:40:16.0087 0x1404 [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr C:\Windows\system32\drivers\kbldfltr.sys 13:40:16.0100 0x1404 kbldfltr - ok 13:40:16.0114 0x1404 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 13:40:16.0156 0x1404 kdnic - ok 13:40:16.0172 0x1404 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso C:\Windows\system32\lsass.exe 13:40:16.0188 0x1404 KeyIso - ok 13:40:16.0220 0x1404 [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:40:16.0250 0x1404 KSecDD - ok 13:40:16.0312 0x1404 [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:40:16.0331 0x1404 KSecPkg - ok 13:40:16.0346 0x1404 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:40:16.0372 0x1404 ksthunk - ok 13:40:16.0414 0x1404 [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm C:\Windows\system32\msdtckrm.dll 13:40:16.0459 0x1404 KtmRm - ok 13:40:16.0517 0x1404 [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer C:\Windows\system32\srvsvc.dll 13:40:16.0560 0x1404 LanmanServer - ok 13:40:16.0591 0x1404 [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation 
C:\Windows\System32\wkssvc.dll 13:40:16.0620 0x1404 LanmanWorkstation - ok 13:40:16.0678 0x1404 [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll 13:40:16.0719 0x1404 lfsvc - ok 13:40:16.0743 0x1404 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:40:16.0775 0x1404 lltdio - ok 13:40:16.0853 0x1404 [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:40:16.0943 0x1404 lltdsvc - ok 13:40:16.0964 0x1404 [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:40:17.0015 0x1404 lmhosts - ok 13:40:17.0042 0x1404 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:40:17.0059 0x1404 LSI_SAS - ok 13:40:17.0068 0x1404 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 13:40:17.0084 0x1404 LSI_SAS2 - ok 13:40:17.0104 0x1404 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys 13:40:17.0119 0x1404 LSI_SAS3 - ok 13:40:17.0130 0x1404 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 13:40:17.0147 0x1404 LSI_SSS - ok 13:40:17.0206 0x1404 [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM C:\Windows\System32\lsm.dll 13:40:17.0274 0x1404 LSM - ok 13:40:17.0316 0x1404 [ DDEE191AB32DFC22C6465002ECDF5EE4, 
190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys 13:40:17.0345 0x1404 luafv - ok 13:40:17.0391 0x1404 [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 13:40:17.0402 0x1404 MBAMProtector - ok 13:40:17.0489 0x1404 [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 13:40:17.0547 0x1404 MBAMService - ok 13:40:17.0568 0x1404 [ 28B597A61C9AC9B59BC0573D70A62CBF, 032C095ECDAEEE800BD9C7AB08C089E7530A9DD09AE577D1612035F2BFFAA61C ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 13:40:17.0580 0x1404 MBAMWebAccessControl - ok 13:40:17.0598 0x1404 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys 13:40:17.0612 0x1404 megasas - ok 13:40:17.0660 0x1404 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys 13:40:17.0696 0x1404 megasr - ok 13:40:17.0726 0x1404 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS C:\Windows\system32\mmcss.dll 13:40:17.0770 0x1404 MMCSS - ok 13:40:17.0789 0x1404 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys 13:40:17.0811 0x1404 Modem - ok 13:40:17.0834 0x1404 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys 13:40:17.0873 0x1404 monitor - ok 13:40:17.0891 0x1404 [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass 
C:\Windows\System32\drivers\mouclass.sys 13:40:17.0905 0x1404 mouclass - ok 13:40:17.0915 0x1404 [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid C:\Windows\System32\drivers\mouhid.sys 13:40:17.0946 0x1404 mouhid - ok 13:40:17.0966 0x1404 [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:40:17.0982 0x1404 mountmgr - ok 13:40:18.0021 0x1404 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:40:18.0035 0x1404 MozillaMaintenance - ok 13:40:18.0055 0x1404 [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:40:18.0076 0x1404 mpsdrv - ok 13:40:18.0129 0x1404 [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:40:18.0197 0x1404 MpsSvc - ok 13:40:18.0228 0x1404 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:40:18.0273 0x1404 MRxDAV - ok 13:40:18.0316 0x1404 [ 7A1A3F213CDB3363D179D5014272025D, 6756F5B7D9FBF6839DB1FF4E94EA45B5499D7DF925E75581C96FBBA4BE131542 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:40:18.0361 0x1404 mrxsmb - ok 13:40:18.0404 0x1404 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:40:18.0448 0x1404 mrxsmb10 - ok 13:40:18.0479 0x1404 [ C910E5D18958914A66F0E45689D0B40A, AD7C91DD8A60A511E580DD56BACC97F85075A539E7C5D95040A8F870A621DAF4 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:40:18.0508 0x1404 mrxsmb20 - ok 13:40:18.0537 0x1404 [ 
E0927EFA25D473367C3341B9F5969779, B77A162BD3334557623674373D8EC2BE7CC0B359DF06304E467ABFFEE0530271 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 13:40:18.0577 0x1404 MsBridge - ok 13:40:18.0612 0x1404 [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC C:\Windows\System32\msdtc.exe 13:40:18.0649 0x1404 MSDTC - ok 13:40:18.0679 0x1404 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:40:18.0712 0x1404 Msfs - ok 13:40:18.0730 0x1404 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 13:40:18.0744 0x1404 msgpiowin32 - ok 13:40:18.0752 0x1404 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:40:18.0769 0x1404 mshidkmdf - ok 13:40:18.0787 0x1404 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 13:40:18.0814 0x1404 mshidumdf - ok 13:40:18.0838 0x1404 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:40:18.0851 0x1404 msisadrv - ok 13:40:18.0878 0x1404 [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:40:18.0905 0x1404 MSiSCSI - ok 13:40:18.0914 0x1404 msiserver - ok 13:40:18.0957 0x1404 [ D22AE5313F6B7EFDDD8C117B5501F4A3, 1937EEE33BF9C4485F172B10FB17AEF3F3B8978371307F49C3338D74D96A8389 ] MsKeyboardFilter C:\Windows\System32\KeyboardFilterSvc.dll 13:40:18.0977 0x1404 MsKeyboardFilter - ok 13:40:18.0983 0x1404 [ A9BBBD2BAE6142253B9195E949AC2E8D, 
599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:40:19.0010 0x1404 MSKSSRV - ok 13:40:19.0028 0x1404 [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 13:40:19.0058 0x1404 MsLldp - ok 13:40:19.0065 0x1404 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:40:19.0081 0x1404 MSPCLOCK - ok 13:40:19.0088 0x1404 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:40:19.0110 0x1404 MSPQM - ok 13:40:19.0139 0x1404 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:40:19.0164 0x1404 MsRPC - ok 13:40:19.0180 0x1404 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 13:40:19.0194 0x1404 mssmbios - ok 13:40:19.0213 0x1404 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:40:19.0230 0x1404 MSTEE - ok 13:40:19.0238 0x1404 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 13:40:19.0266 0x1404 MTConfig - ok 13:40:19.0292 0x1404 [ 2219A3D695405E7BA2186BA6B9EDE14A, 8B99BD22DACB56FF544ED922962FE4EC1172BF90987A46E3A5F62A3B4E720B0C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 13:40:19.0301 0x1404 MTsensor - ok 13:40:19.0314 0x1404 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\Windows\system32\Drivers\mup.sys 13:40:19.0329 0x1404 Mup - ok 13:40:19.0344 
0x1404 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys 13:40:19.0359 0x1404 mvumis - ok 13:40:19.0412 0x1404 [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent C:\Windows\system32\qagentRT.dll 13:40:19.0462 0x1404 napagent - ok 13:40:19.0516 0x1404 [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:40:19.0553 0x1404 NativeWifiP - ok 13:40:19.0587 0x1404 [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc C:\Windows\System32\ncasvc.dll 13:40:19.0624 0x1404 NcaSvc - ok 13:40:19.0644 0x1404 [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService C:\Windows\System32\ncbservice.dll 13:40:19.0680 0x1404 NcbService - ok 13:40:19.0700 0x1404 [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 13:40:19.0742 0x1404 NcdAutoSetup - ok 13:40:19.0808 0x1404 [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:40:19.0873 0x1404 NDIS - ok 13:40:19.0888 0x1404 [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:40:19.0909 0x1404 NdisCap - ok 13:40:19.0928 0x1404 [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 13:40:19.0959 0x1404 NdisImPlatform - ok 13:40:19.0990 0x1404 [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi 
C:\Windows\system32\DRIVERS\ndistapi.sys 13:40:20.0019 0x1404 NdisTapi - ok 13:40:20.0039 0x1404 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:40:20.0071 0x1404 Ndisuio - ok 13:40:20.0091 0x1404 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys 13:40:20.0125 0x1404 NdisVirtualBus - ok 13:40:20.0144 0x1404 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:40:20.0183 0x1404 NdisWan - ok 13:40:20.0193 0x1404 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys 13:40:20.0216 0x1404 NdisWanLegacy - ok 13:40:20.0233 0x1404 [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:40:20.0273 0x1404 NDProxy - ok 13:40:20.0290 0x1404 [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu C:\Windows\system32\drivers\Ndu.sys 13:40:20.0320 0x1404 Ndu - ok 13:40:20.0336 0x1404 [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:40:20.0369 0x1404 NetBIOS - ok 13:40:20.0398 0x1404 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:40:20.0447 0x1404 NetBT - ok 13:40:20.0463 0x1404 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon C:\Windows\system32\lsass.exe 13:40:20.0478 0x1404 Netlogon - ok 13:40:20.0558 0x1404 [ B7AD851A21FEBA3BA214972627614207, 
13:40:39.0282 0x1404 WFPLWFS - ok 13:40:39.0301 0x1404 [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc C:\Windows\System32\wiarpc.dll 13:40:39.0322 0x1404 WiaRpc - ok 13:40:39.0343 0x1404 [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:40:39.0356 0x1404 WIMMount - ok 13:40:39.0362 0x1404 WinDefend - ok 13:40:39.0429 0x1404 [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll 13:40:39.0490 0x1404 WinHttpAutoProxySvc - ok 13:40:39.0543 0x1404 [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:40:39.0572 0x1404 Winmgmt - ok 13:40:39.0811 0x1404 [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM C:\Windows\system32\WsmSvc.dll 13:40:39.0931 0x1404 WinRM - ok 13:40:39.0964 0x1404 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:40:39.0990 0x1404 WinUsb - ok 13:40:40.0099 0x1404 [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc C:\Windows\System32\wlansvc.dll 13:40:40.0170 0x1404 WlanSvc - ok 13:40:40.0375 0x1404 [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc C:\Windows\system32\wlidsvc.dll 13:40:40.0489 0x1404 wlidsvc - ok 13:40:40.0518 0x1404 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys 13:40:40.0540 0x1404 WmiAcpi - ok 13:40:40.0593 0x1404 [ 7AFAC828F52D62F304A911EC32F42EEE, 
4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:40:40.0636 0x1404 wmiApSrv - ok 13:40:40.0656 0x1404 WMPNetworkSvc - ok 13:40:40.0693 0x1404 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\Windows\system32\drivers\Wof.sys 13:40:40.0725 0x1404 Wof - ok 13:40:40.0929 0x1404 [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc C:\Windows\system32\workfolderssvc.dll 13:40:41.0063 0x1404 workfolderssvc - ok 13:40:41.0092 0x1404 [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys 13:40:41.0108 0x1404 wpcfltr - ok 13:40:41.0133 0x1404 [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:40:41.0163 0x1404 WPCSvc - ok 13:40:41.0195 0x1404 [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:40:41.0247 0x1404 WPDBusEnum - ok 13:40:41.0270 0x1404 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys 13:40:41.0283 0x1404 WpdUpFltr - ok 13:40:41.0295 0x1404 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:40:41.0314 0x1404 ws2ifsl - ok 13:40:41.0364 0x1404 [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc C:\Windows\System32\wscsvc.dll 13:40:41.0404 0x1404 wscsvc - ok 13:40:41.0410 0x1404 WSearch - ok 13:40:41.0691 0x1404 [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService 
C:\Windows\System32\WSService.dll 13:40:41.0901 0x1404 WSService - ok 13:40:42.0273 0x1404 [ D24002EB2F4A8A04897703067E81CC5D, 03806198D26DD7BA3E27EFE0911B49E5B48CAD8A05EC4F56AF45CF1E3FAD6916 ] wuauserv C:\Windows\system32\wuaueng.dll 13:40:42.0467 0x1404 wuauserv - ok 13:40:42.0515 0x1404 [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:40:42.0572 0x1404 WudfPf - ok 13:40:42.0621 0x1404 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 13:40:42.0652 0x1404 WUDFRd - ok 13:40:42.0668 0x1404 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP C:\Windows\System32\drivers\WUDFRd.sys 13:40:42.0690 0x1404 WUDFSensorLP - ok 13:40:42.0724 0x1404 [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:40:42.0758 0x1404 wudfsvc - ok 13:40:42.0775 0x1404 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys 13:40:42.0801 0x1404 WUDFWpdFs - ok 13:40:42.0813 0x1404 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp C:\Windows\system32\DRIVERS\WUDFRd.sys 13:40:42.0833 0x1404 WUDFWpdMtp - ok 13:40:42.0923 0x1404 [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc C:\Windows\System32\wwansvc.dll 13:40:42.0967 0x1404 WwanSvc - ok 13:40:43.0019 0x1404 ================ Scan global =============================== 13:40:43.0137 0x1404 [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\Windows\system32\basesrv.dll 13:40:43.0171 0x1404 [ 
00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\Windows\system32\winsrv.dll 13:40:43.0204 0x1404 [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\Windows\system32\sxssrv.dll 13:40:43.0251 0x1404 [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\Windows\system32\services.exe 13:40:43.0267 0x1404 [ Global ] - ok 13:40:43.0267 0x1404 ================ Scan MBR ================================== 13:40:43.0275 0x1404 [ EA923EB0EC0060F1451E9AD7B5762CFE ] \Device\Harddisk0\DR0 13:40:43.0560 0x1404 \Device\Harddisk0\DR0 - ok 13:40:43.0854 0x1404 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 13:40:44.0052 0x1404 \Device\Harddisk1\DR1 - ok 13:40:44.0052 0x1404 ================ Scan VBR ================================== 13:40:44.0066 0x1404 [ CD3A218AC7D0A0298D1570351A66DF90 ] \Device\Harddisk0\DR0\Partition1 13:40:44.0093 0x1404 \Device\Harddisk0\DR0\Partition1 - ok 13:40:44.0110 0x1404 [ D27603B4B0F44DFC93F1B2583F8EBE4D ] \Device\Harddisk0\DR0\Partition2 13:40:44.0146 0x1404 \Device\Harddisk0\DR0\Partition2 - ok 13:40:44.0151 0x1404 [ BF16C15BFF29C1185600170DB54813C8 ] \Device\Harddisk1\DR1\Partition1 13:40:44.0168 0x1404 \Device\Harddisk1\DR1\Partition1 - ok 13:40:44.0169 0x1404 ================ Scan generic autorun ====================== 13:40:44.0329 0x1404 [ 7FB2571A596467166E240D00C10690F0, 81912C242ABEF16BA68CDFD3F53714D9D8AD6A1C243CD2C47C1C30A424AF3D15 ] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe 13:40:44.0358 0x1404 NVRaidService - ok 13:40:44.0503 0x1404 [ A69D1E03FC1067321768E4B7A305CF6B, 6337827467B6390FFCB57A12ACE21C292BD0331A7E797C659B4B4291D88D8A2B ] C:\Windows\system32\US800Pan.exe 13:40:44.0599 0x1404 US800Pane - ok 13:40:44.0928 0x1404 [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files 
(x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe 13:40:44.0975 0x1404 StartCCC - ok 13:40:45.0105 0x1404 [ D95924A87EE5ACF033BA832AA03F0875, 5C8DC0D9668390C33B85683FB6E2DC1C7FF8EEB35B5999B88DE8C26DBEB290FF ] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe 13:40:45.0162 0x1404 SoundMAXPnP - ok 13:40:45.0673 0x1404 [ 1C2CC2F54DCA024601989E956B7AF213, 5E30A1D0907CBB1C73D44B068C612DA1DCC0013E0A12919850CF97971B819322 ] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe 13:40:45.0805 0x1404 SoundMAX - detected UnsignedFile.Multi.Generic ( 1 ) 13:40:48.0358 0x1404 Detect skipped due to KSN trusted 13:40:48.0358 0x1404 SoundMAX - ok 13:40:48.0606 0x1404 [ 504C916D52ABA407FD4DC1E709AEA71E, 8F279620247481F28DF7D9FD4A81173396E39EB807E24587E89CAF1172CC846C ] C:\Program Files (x86)\avmwlanstick\wlangui.exe 13:40:48.0716 0x1404 AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 ) 13:40:51.0254 0x1404 Detect skipped due to KSN trusted 13:40:51.0254 0x1404 AVMWlanClient - ok 13:40:51.0880 0x1404 [ 695BE0A3D240FFF4B876D9289110634A, C4F4A2D0E09DCA92C74C805FB77C0710213CD9DD8B6D62499373F8E56B83C8A9 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 13:40:52.0010 0x1404 AvastUI.exe - ok 13:40:52.0113 0x1404 [ 3FDCA1F725CA8E367B9DBBC43F983423, 95DCC1C68433FA8E0223F0A798A2BEC269564C6107E246222202757E2503E6DA ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 13:40:52.0144 0x1404 SunJavaUpdateSched - ok 13:40:52.0145 0x1404 Waiting for KSN requests completion. In queue: 2 13:40:53.0146 0x1404 Waiting for KSN requests completion. In queue: 2 13:40:54.0154 0x1404 Waiting for KSN requests completion. In queue: 2 13:40:55.0208 0x1404 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated ) 13:40:55.0210 0x1404 AV detected via SS2: avast! 
Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated ) 13:40:55.0214 0x1404 Win FW state via NFP2: enabled 13:40:57.0655 0x1404 ============================================================ 13:40:57.0655 0x1404 Scan finished 13:40:57.0655 0x1404 ============================================================ 13:40:57.0666 0x15cc Detected object count: 0 13:40:57.0666 0x15cc Actual detected object count: 0 |
24.05.2015, 13:06 | #15 |
| Telekom letter Zeus/Zbot
Okay, here are the scan results from the first of my flatmates' laptops (I'll just call it Laptop2 here).
Laptop2 FRST:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 Ran by Doppel D (administrator) on DEISSLER on 24-05-2015 13:58:25 Running from C:\Users\Doppel D\Desktop Loaded Profiles: Doppel D (Available Profiles: Doppel D) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Expansion Programs International, Inc.) C:\SIMULIA\Documentation\monitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Expansion Programs International, Inc.) C:\SIMULIA\Documentation\monitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Pokki) C:\Users\Doppel D\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe () C:\Program Files (x86)\MP4 Player\Mp4Player.exe (Dropbox, Inc.) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Juniper Networks, Inc.) 
C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe () C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Pokki) C:\Users\Doppel D\AppData\Local\Pokki\Engine\HostAppService.exe (Pokki) C:\Users\Doppel D\AppData\Local\Pokki\Engine\HostAppService.exe (Pokki) C:\Users\Doppel D\AppData\Local\Pokki\Engine\StartMenuIndexer.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-22] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-10-06] (Juniper Networks, Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-02-27] () HKLM-x32\...\Run: [3170 Scan2PC] => C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe [503808 2009-01-30] () HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.) 
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Run: [MP4 Player] => C:\Program Files (x86)\MP4 Player\mp4Player.exe [772096 2008-11-06] () Startup: C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-20] ShortcutTarget: Dropbox.lnk -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar286.lnk [2015-05-24] ShortcutTarget: Sidebar286.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 SearchScopes: HKLM -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = 
hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-06] (Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-06] (Microsoft Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 
15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-06] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{18EF1542-630C-4621-A51B-04F11DFE9BD4}: [NameServer] 129.13.64.5,129.13.96.2 FireFox: ======== FF ProfilePath: C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default FF Homepage: hxxp://www.bvb.de/News/Uebersicht/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-17] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-17] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.) 
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-06] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-06] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default\Extensions\abs@avira.com [2015-04-28]
FF Extension: Adblock Plus - C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-01-19]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-02-11]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-06] (Advanced Micro Devices, Inc.) []
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) []
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-10] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-22] (Synaptics Incorporated)
R2 Texis Monitor; C:\SIMULIA\Documentation\monitor.exe [4493312 2011-12-13] (Expansion Programs International, Inc.) []
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-04] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-08-20] (Juniper Networks)
S4 jnprTdi_807_50111; C:\Windows\system32\Drivers\jnprTdi_807_50111.sys [108344 2014-10-06] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-08-20] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-08-20] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2015-02-11] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-22] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\swsetup\sp70137\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:58 - 2015-05-24 13:58 - 00023038 _____ () C:\Users\Doppel D\Desktop\FRST.txt
2015-05-24 13:58 - 2015-05-24 13:58 - 00000000 ____D () C:\FRST
2015-05-24 13:48 - 2015-05-24 13:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Doppel D\Desktop\tdsskiller.exe
2015-05-24 13:47 - 2015-05-24 13:47 - 02108416 _____ (Farbar) C:\Users\Doppel D\Desktop\FRST64.exe
2015-05-23 16:05 - 2015-05-23 16:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-22 14:23 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-05-22 14:23 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-05-22 14:23 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-05-22 14:23 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-05-22 14:23 - 2015-04-09 00:07 - 00410336 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-22 14:23 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-05-22 14:23 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-05-22 14:23 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-05-22 14:23 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-05-22 14:23 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-05-22 14:23 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-05-22 14:23 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-05-22 14:23 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-05-22 14:23 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-05-22 14:23 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-05-22 14:23 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-05-22 14:23 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-05-22 14:23 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-05-22 14:23 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-05-22 14:23 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-05-22 14:23 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-05-22 14:23 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-05-22 14:23 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-05-22 14:23 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-05-22 14:23 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-05-22 14:23 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-05-22 14:22 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-05-22 14:22 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-05-20 15:41 - 2015-05-21 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-18 19:27 - 2015-05-18 19:27 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\PDF Writer
2015-05-18 19:27 - 2015-05-18 19:27 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\PDF Writer
2015-05-18 19:25 - 2015-05-18 19:26 - 00000000 ____D () C:\ProgramData\PDF Writer
2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-PDF
2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\Program Files\Common Files\7-PDF
2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\Program Files\7-PDF
2015-05-18 19:25 - 2015-05-04 11:33 - 06967260 ____N (7-PDF, Germany - Th. Hodes ) C:\Users\Doppel D\Downloads\Setup_7PDF_10_11_0_2342_FREE.exe
2015-05-18 19:25 - 2014-11-19 17:38 - 00228352 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2015-05-18 19:25 - 2013-09-01 13:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2015-05-18 19:25 - 2013-07-13 13:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2015-05-18 19:25 - 2013-07-12 23:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2015-05-18 19:25 - 2013-04-05 14:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2015-05-18 19:25 - 2013-03-29 00:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2015-05-18 19:25 - 2013-03-03 15:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2015-05-18 19:25 - 2008-07-09 17:38 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2015-05-18 19:25 - 1999-05-07 01:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.OCX
2015-05-18 19:24 - 2015-05-18 19:24 - 06889574 _____ () C:\Users\Doppel D\Downloads\Setup_7PDF_10_11_0_2342_FREE.zip
2015-05-18 17:17 - 2015-05-21 07:33 - 00000000 ____D () C:\Program Files\paint.net
2015-05-18 17:17 - 2015-05-18 17:19 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\paint.net
2015-05-18 17:16 - 2015-05-18 17:16 - 06528454 _____ () C:\Users\Doppel D\Downloads\paint.net.4.0.5.install.zip
2015-05-18 17:10 - 2015-05-18 17:10 - 01203488 _____ () C:\Users\Doppel D\Downloads\Paint NET - CHIP-Installer.exe
2015-05-17 08:49 - 2015-05-17 16:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-12 22:20 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:20 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:03 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 22:03 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 22:03 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 22:03 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 22:03 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 22:03 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 22:03 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 22:03 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 22:03 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 22:03 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 22:03 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 22:03 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 22:03 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 22:03 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 22:03 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 22:03 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 22:03 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 22:03 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 22:03 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 22:03 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 22:03 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 22:03 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 22:03 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 22:03 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 22:03 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 22:03 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 22:03 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 22:03 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 22:03 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 22:03 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 22:03 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 22:03 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 22:03 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 22:03 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 22:03 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 22:03 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 22:03 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 22:03 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 22:03 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 22:03 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 22:03 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 22:03 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 22:03 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 22:03 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 22:03 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 22:03 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 22:03 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 22:03 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 22:03 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 22:03 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 09:51 - 2015-05-12 09:51 - 00776278 _____ () C:\Users\Doppel D\Downloads\Semcon Standort Sindelfingen Anfahrtsskizze.pptx
2015-05-07 13:25 - 2015-05-07 13:25 - 00000000 ____D () C:\Users\Doppel D\Downloads\Windows 8.1 (multiple editions) (x86) - DVD (German)
2015-05-07 11:45 - 2015-05-07 13:25 - 00010759 _____ () C:\Users\Doppel D\Downloads\SecureDownloadManager.log
2015-05-07 11:45 - 2015-05-07 11:45 - 00000184 _____ () C:\Users\Doppel D\Downloads\100381076748.sdx
2015-05-07 11:44 - 2015-05-07 11:44 - 00720384 _____ () C:\Users\Doppel D\Downloads\SDM_DE.msi
2015-05-07 08:18 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-07 08:18 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-05 15:28 - 2015-05-05 15:28 - 00000036 ____H () C:\Users\Doppel D\AppData\Roaming\swk.ini
2015-05-05 15:28 - 2015-05-05 15:28 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 Player
2015-05-05 15:28 - 2015-05-05 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player
2015-05-05 15:28 - 2015-05-05 15:28 - 00000000 ____D () C:\Program Files (x86)\MP4 Player
2015-05-05 15:27 - 2015-05-05 15:27 - 01203488 _____ () C:\Users\Doppel D\Downloads\MP4 Player - CHIP-Installer.exe
2015-05-04 08:27 - 2015-05-04 08:28 - 00000000 ____D () C:\Users\Doppel D\Desktop\skripte
2015-05-01 19:48 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-01 19:48 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-01 19:48 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-01 19:48 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-01 19:48 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 19:48 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-01 19:47 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-04-24 16:19 - 2015-04-24 16:19 - 00002342 _____ () C:\Users\Doppel D\AppData\Local\recently-used.xbel

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:46 - 2015-01-19 12:49 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Pokki
2015-05-24 13:28 - 2015-01-19 16:34 - 00000000 ___RD () C:\Users\Doppel D\Desktop\Programme
2015-05-24 13:03 - 2015-03-31 20:21 - 00005148 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Deissler-Doppel D Deissler
2015-05-24 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-24 12:46 - 2015-01-20 08:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 11:44 - 2015-01-19 12:56 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-1002
2015-05-24 11:07 - 2015-01-19 12:45 - 01951662 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 10:47 - 2015-01-19 12:53 - 00000000 ____D () C:\Users\Doppel D\Documents\Youcam
2015-05-24 10:46 - 2014-05-01 00:10 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2015-05-24 10:46 - 2014-05-01 00:10 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2015-05-24 10:46 - 2014-03-18 11:53 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 10:43 - 2015-01-20 10:53 - 00000000 ___RD () C:\Users\Doppel D\Dropbox
2015-05-24 10:42 - 2015-01-20 10:49 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Dropbox
2015-05-24 10:39 - 2013-08-22 16:46 - 00053276 _____ () C:\Windows\setupact.log
2015-05-24 10:39 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 16:26 - 2015-03-08 12:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 16:24 - 2015-03-08 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-23 16:24 - 2015-03-08 12:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-23 15:52 - 2015-01-19 16:22 - 00000000 ____D () C:\Users\Doppel D\Documents\Bewerbung Job
2015-05-23 15:15 - 2015-03-17 11:17 - 00000362 _____ () C:\Windows\Tasks\HPCeeScheduleForDoppel D.job
2015-05-23 07:47 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-23 07:45 - 2015-04-01 09:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-23 07:45 - 2015-04-01 09:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-23 07:28 - 2014-08-05 21:39 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-05-23 07:28 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-23 07:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-23 07:22 - 2015-01-19 13:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-23 07:22 - 2014-03-18 11:44 - 00373540 _____ () C:\Windows\PFRO.log
2015-05-22 20:26 - 2015-01-23 22:12 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\vlc
2015-05-22 14:19 - 2015-02-10 22:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-22 08:42 - 2015-02-14 16:50 - 00000000 ____D () C:\Temp
2015-05-21 07:34 - 2015-01-20 15:31 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\CrashDumps
2015-05-21 07:23 - 2015-01-21 21:44 - 00313344 ___SH () C:\Users\Doppel D\Desktop\Thumbs.db
2015-05-19 07:51 - 2015-03-21 15:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-17 20:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-17 17:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-17 17:02 - 2015-01-19 14:24 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Adobe
2015-05-17 16:59 - 2015-01-20 08:32 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-17 16:59 - 2014-08-05 21:57 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-17 11:18 - 2015-01-19 13:57 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 08:00 - 2013-08-22 16:44 - 00521792 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 07:58 - 2015-01-28 10:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 07:58 - 2015-01-28 10:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 22:21 - 2015-01-25 14:51 - 00000039 _____ () C:\Windows\vbaddin.ini
2015-05-12 22:21 - 2015-01-25 14:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 22:20 - 2015-01-22 18:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 22:14 - 2015-01-22 18:38 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 22:10 - 2015-01-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:07 - 2014-03-18 11:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 21:15 - 2015-03-17 11:17 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDoppel D
2015-05-12 08:49 - 2015-01-19 13:16 - 00002326 _____ () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-11 15:28 - 2015-01-19 14:35 - 00010848 _____ () C:\Users\Doppel D\AppData\Roaming\SmarThruOptions.xml
2015-05-09 10:17 - 2015-01-19 12:50 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Packages
2015-05-09 08:46 - 2015-01-20 10:51 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-08 08:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-06 09:14 - 2015-03-21 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-05 19:59 - 2015-01-22 21:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-01-22 21:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 11:15 - 2015-02-15 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 11:14 - 2015-02-15 17:28 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 11:14 - 2015-02-15 17:28 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-30 13:10 - 2014-08-05 21:47 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-30 12:06 - 2015-01-19 14:08 - 00002244 ____H () C:\Users\Doppel D\Documents\Default.rdp
2015-04-28 09:48 - 2015-01-19 13:22 - 00000000 ____D () C:\Users\Doppel D\Documents\WG
2015-04-27 12:30 - 2015-01-19 15:34 - 00000000 ____D () C:\Users\Doppel D\Documents\Citavi 4

==================== Files in the root of some directories =======

2015-01-19 14:35 - 2015-05-11 15:28 - 0010848 _____ () C:\Users\Doppel D\AppData\Roaming\SmarThruOptions.xml
2015-05-05 15:28 - 2015-05-05 15:28 - 0000036 ____H () C:\Users\Doppel D\AppData\Roaming\swk.ini
2015-04-24 16:19 - 2015-04-24 16:19 - 0002342 _____ () C:\Users\Doppel D\AppData\Local\recently-used.xbel
2015-02-03 21:35 - 2015-02-03 21:35 - 0007606 _____ () C:\Users\Doppel D\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Doppel D\AppData\Local\Temp\avgnt.exe
C:\Users\Doppel D\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt7vhkr.dll
C:\Users\Doppel D\AppData\Local\Temp\Extract.exe
C:\Users\Doppel D\AppData\Local\Temp\i4jdel0.exe
C:\Users\Doppel D\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\Doppel D\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Doppel D\AppData\Local\Temp\oct2574.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct32CD.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct525A.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct5BA0.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\oct7CDF.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octA187.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octA561.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octB3AC.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octC461.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octC9B2.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\octEB09.tmp.exe
C:\Users\Doppel D\AppData\Local\Temp\scipy-0.14.0-sse3.exe
C:\Users\Doppel D\AppData\Local\Temp\SP67280.exe
C:\Users\Doppel D\AppData\Local\Temp\SP67743.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69229.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69393.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69401.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69404.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69411.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69555.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69559.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69718.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69738.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69846.exe
C:\Users\Doppel D\AppData\Local\Temp\SP70137.exe
C:\Users\Doppel D\AppData\Local\Temp\SP70439.exe
C:\Users\Doppel D\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-18 18:31

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by Doppel D at 2015-05-24 13:59:13
Running from C:\Users\Doppel D\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1312067100-3160384092-1139304428-500 - Administrator - Disabled)
Doppel D (S-1-5-21-1312067100-3160384092-1139304428-1002 - Administrator - Enabled) => C:\Users\Doppel D
Gast (S-1-5-21-1312067100-3160384092-1139304428-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1312067100-3160384092-1139304428-1004 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Printer 10.11.0.2342 (HKLM\...\7-PDF Printer_is1) (Version: 10.11.0.2342 - 7-PDF, Germany - Th. Hodes)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Abaqus 6.13 Documentation (HKLM-x32\...\Abaqus 6.13 Documentation) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Abaqus 6.13-5 (HKLM-x32\...\Abaqus 6.13-5) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{0B448829-3672-18EA-4117-C1240D4CF140}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes de-DE (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF07-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FarmVille 2 (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Host App Service (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Pokki) (Version: 0.269.7.638 - Pokki)
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.27 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inkscape 0.91 (HKLM-x32\...\Inkscape) (Version: 0.91 - )
Inst5675 (Version: 8.01.27 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.27 - Softex Inc.) Hidden
Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Juniper Networks Setup Client (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse (Version: 5.0.50111 - Ihr Firmenname) Hidden
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.50111 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack (HKLM\...\{D3299935-57F7-403A-9D7B-0B8F9F56F44B}) (Version: 3.0.2369.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MP4 Player (HKLM-x32\...\MP4 Player) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Python 2.7 scipy-0.14.0 (HKLM-x32\...\scipy-py2.7) (Version: - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - )
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.24 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Samsung CLX-3170 Series (HKLM-x32\...\Samsung CLX-3170 Series) (Version: - Samsung Electronics CO.,LTD)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version: - )
SmarThru PC Fax (HKLM-x32\...\SmarThru PC Fax) (Version: - )
Start Menu (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Pokki_Start_Menu) (Version: 0.269.7.638 - Pokki)
Startfenster (HKLM-x32\...\Startfenster) (Version: - Startfenster)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
yEd Graph Editor 3.14 (HKLM\...\3309-7404-0599-8908) (Version: 3.14 - yWorks GmbH)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-05-2015 17:42:42 Geplanter Prüfpunkt
21-05-2015 07:32:36 Removed paint.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-02-16 09:52 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0990C75E-EEE2-4B86-8272-EDA7079CE817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {1123A072-1BCD-4AF2-BBF1-37CC14219C22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {2B55C425-F3A3-41D4-BDDB-323B0B29D0CC} - System32\Tasks\HPCeeScheduleForDoppel D => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3B4E5D9E-FB40-4851-B770-7CC81249BC24} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2014-09-27] (Hewlett-Packard)
Task: {3CA217AF-8BE5-4D18-A55D-E34AB3AA7B15} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2014-09-27] (Hewlett-Packard)
Task: {40A1ECC5-6AC6-4B58-B6EF-FC7F95D49975} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {4A8E0D25-B728-4D11-9C3B-D5677A58D476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {5745C80F-E79B-4527-A735-677C3C95D324} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5E33AB4F-A509-457D-9105-F165B3A35099} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {6AE3F81E-FF5D-4FB3-947E-E47F26664DD7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {7552A293-1545-495B-BB57-6BAF739F41CA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {80A420C9-4AA9-4506-9EE0-B0C0A8A71CA6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Deissler-Doppel D Deissler => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-06] (Microsoft Corporation)
Task: {872EEC8A-4540-4C84-A5E2-BB507ED799BA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {87FD31D7-ADC0-4FD4-9C9A-24A08D998A9E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {895DE694-D487-47FB-B416-4A012ACB2F76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
Task: {946D500B-08CE-4039-8D57-4B35C8894C1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {A4F6685F-D842-4381-BA79-ACE13CFE0211} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2014-09-27] (Hewlett-Packard)
Task: {B0D271CB-EFB6-43F3-A39F-1DEC597FD215} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-06] (Microsoft Corporation)
Task: {C2F0E930-53DD-4D5F-9881-79994912ADBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-06] (Microsoft Corporation)
Task: {C698FEA9-4053-437F-9E22-D26EFA73F12A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {C9300309-2256-41D0-B6A6-FB723A098A52} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {D28A0CE1-FFFA-42CD-8934-BCBEAC933A74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E32BAE91-F6ED-4A31-A84B-3BEF3F188CF2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDoppel D.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-27 14:40 - 2014-09-27 14:40 - 02150400 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-09-27 14:39 - 2014-09-27 14:39 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-09-27 14:39 - 2014-09-27 14:39 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-09-27 14:39 - 2014-09-27 14:39 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-09-27 14:48 - 2014-09-27 14:48 - 00420432 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-09-27 14:48 - 2014-09-27 14:48 - 00746064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-01-19 14:34 - 2007-12-27 17:44 - 00082432 _____ () C:\Windows\System32\SamFaxPort64.dll
2015-01-19 14:31 - 2007-08-14 03:03 - 00022016 _____ () C:\Windows\System32\sst1cl6.dll
2014-04-06 22:38 - 2014-04-06 22:38 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-05 21:36 - 2014-10-11 11:24 - 00098816 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-03-21 15:47 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 14:43 - 2015-03-17 14:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-03-17 15:15 - 2015-03-17 15:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2014-09-27 14:42 - 2014-09-27 14:42 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2008-11-06 19:23 - 2008-11-06 19:23 - 00772096 _____ () C:\Program Files (x86)\MP4 Player\Mp4Player.exe
2015-01-19 14:35 - 2009-02-27 06:03 - 00552960 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2015-01-19 14:35 - 2009-01-30 13:41 - 00503808 _____ () C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
2015-01-19 14:35 - 2007-08-13 09:18 - 00327168 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-08-05 22:02 - 2013-02-01 11:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2014-08-05 22:02 - 2013-02-01 11:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2014-08-05 22:02 - 2013-02-01 11:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2015-02-11 10:04 - 2014-07-24 05:03 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2015-02-11 10:04 - 2013-12-30 03:20 - 01355224 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2015-02-11 10:04 - 2014-07-24 05:03 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2015-05-24 10:42 - 2015-05-24 10:42 - 00043008 _____ () c:\Users\Doppel D\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt7vhkr.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-19 14:35 - 2008-06-26 04:45 - 00155648 _____ () C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
2015-01-19 14:35 - 2008-06-26 04:46 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3170\ssole.dll
2015-01-19 14:35 - 2008-06-26 04:45 - 00367104 _____ () C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 00569856 _____ () C:\Users\Doppel D\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 01400846 _____ () C:\Users\Doppel D\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 00151054 _____ () C:\Users\Doppel D\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-28 22:15 - 2015-04-28 22:15 - 00222734 _____ () C:\Users\Doppel D\AppData\Local\Pokki\Engine\avformat-54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16AD78DD-65F2-47F6-8CDF-CAF8D355BB32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D98FA805-30BC-47AA-90C8-4F6D608AA674}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{070CB099-7A71-44FC-8410-7062B6F7E165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90CB1EC0-7D89-402F-8372-A4399B92751A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1742ECAD-D58F-43A2-A3AD-DA7A6E47458F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{27B451F7-8A22-4418-8BF0-12082A446104}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{75F4BDB8-2A9E-4903-9BD7-155A8A99C88A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E779D34-D883-4059-8D0A-1480CF531C17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E61C5AA0-59F0-4F7E-A1CB-01FA24E98745}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{A170C4FD-9AD1-44FC-A0BB-12074CA67675}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{B066D0F2-9EED-4981-9FD3-8DFA25BBE09F}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
FirewallRules: [{5395966C-550B-4A1D-8650-7197EB973A6D}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
FirewallRules: [{022A1CF6-4E7C-4283-95F3-4D065580586C}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe
FirewallRules: [{8F619BAA-F9A6-4549-9978-43E3888AEF69}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe
FirewallRules: [{09ACE5EA-0B83-43A5-83AF-6A981068FBCE}] => (Allow) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{842FBF91-D0DE-4479-9C11-E68C9E4868CE}] => (Allow) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D0E8A705-1DAB-41D4-9947-25B624AF5747}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{942348C0-30B5-4CDD-B691-48940D5B9B90}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{169D1166-8C45-4F70-ACC9-85750662CA30}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{A161EE38-2B21-4162-BF14-17DC9803882A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{4A971199-06BA-4E38-B49D-C8D6B054ECA9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5D6A08F9-926F-4CDC-9641-9D0307D6F56E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DC48C7CC-8C7C-4184-88AB-965555AD6D42}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [TCP Query User{C34CD7B8-CCA8-4B1F-BC60-E7BFB9C4D642}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{73FB4A7A-346F-490B-9591-722E1BBAE5F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{B3540C81-C0CD-4F4B-8087-9D36FD30D1D3}C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5D7F82B1-2281-4C83-A276-BF776EC41961}C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{328C5761-B521-4747-93ED-7EFBDAAD7B5C}C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [UDP Query User{F02E9BE4-F2B9-4060-866C-C2A7E507E975}C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{4226FA3C-C310-4DD6-994F-54F5F87F903E}] => (Block) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{9783FEBE-D1EB-48F1-AFA4-6885C888B7ED}] => (Block) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{D5CFF259-6A4B-46A0-AF54-01A77DB1F732}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{EB2897EE-AB63-4D50-88B3-004039E2E740}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CA588A6D-25BF-4CD6-92E0-4CB978107FCA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{16ABB144-DF68-4171-8412-A290AC6F1CF4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{F9397BE3-58B2-41BE-8753-335D2EBF8B49}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{199F35C6-1460-4C14-9D21-6803BFAA2260}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5838AB6F-FD65-4111-8A95-28E44BC3A797}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{99476814-A160-4CC9-83A6-BB2F40F0CCC2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6250

Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6250

Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1422

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1422

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 635109

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 635109

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6531

System errors:
=============
Error: (05/24/2015 00:33:32 PM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2015 00:33:02 PM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2015 00:09:50 PM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2015 00:09:20 PM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2015 11:45:43 AM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2015 11:45:13 AM) (Source: DCOM) (EventID: 10010) (User: Deissler)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2015 10:40:56 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/24/2015 10:39:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (05/24/2015 10:38:47 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841131952

Error: (05/24/2015 10:39:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.05.2015 um 17:40:46 unerwartet heruntergefahren.

Microsoft Office:
=========================
Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6250

Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6250

Error: (05/24/2015 01:46:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1422

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1422

Error: (05/24/2015 01:46:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 635109

Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 635109 Error: (05/24/2015 01:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/24/2015 01:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6531 ==================== Memory info =========================== Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics Percentage of memory in use: 22% Total physical RAM: 11460.65 MB Available physical RAM: 8913.84 MB Total Pagefile: 13188.65 MB Available Pagefile: 10298.74 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:907.06 GB) (Free:728.23 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:23.43 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: CA7DA791) Partition: GPT Partition Type. ==================== End of log ============================ |