Log analysis and evaluation: PC crashes regularly (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.05.2015, 11:52 | #1 |
PC crashes regularly

Hello everyone, I need help. For a few days now my PC has been freezing regularly after about 5-15 minutes. All programs stop running, I can no longer close the windows, the Windows key no longer responds, and I can't even open the Task Manager. I can only move the cursor. However, this only happens when I use a browser (I have tried Chrome and Firefox). When I'm not browsing, everything stays fine. Can anyone help me? I haven't made any changes recently, apart from deleting all restore points because drive C: was full. I'm grateful for any tip!

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.05.2015
Suchlauf-Zeit: 09:50:27
Logdatei: malware.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.25.02
Rootkit Datenbank: v2015.05.24.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Bene

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 415143
Verstrichene Zeit: 32 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:02 on 25/05/2015
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Bene (administrator) on BENE-PC on 25-05-2015 12:03:16
Running from C:\Users\Bene\Desktop\Neuer Ordner (2)
Loaded Profiles: Bene (Available Profiles: Bene & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-09-25] (NEC Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\MountPoints2: {4fe03738-51fc-11e4-b408-6cf0490ead50} - F:\autorun.exe
HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\MountPoints2: {86906f86-6c32-11e0-814c-6cf0490ead50} - H:\LaunchU3.exe -a
Startup: C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk [2010-08-05]
ShortcutTarget: Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001 -> {09FC4750-61E6-4F45-9B4F-75C3678F7BB0} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001 -> {1ED84690-DA20-4bab-9546-D050FFB40251} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001 -> {B831271B-F1DD-4d5c-8FAB-5788F642F73C} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001 -> {E0C19C7C-D92A-403D-BE2B-E4A22BBF8E3B} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll [2013-08-22] (SMART Technologies ULC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\6l2jv7sk.default-1431878520975
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [2010-04-23] (TVU networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [2010-03-23] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2011-07-28] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2058888408-2479665750-2358759828-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Adblock Plus - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\6l2jv7sk.default-1431878520975\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2015-05-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-18]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () []
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [539952 2013-10-18] (SMART Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-09-08] (WDC) []
R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () []
R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-12] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-10-18] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-10-18] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-10-18] (SMART Technologies ULC)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-17] (Duplex Secure Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

_____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-12 20:31 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-12 20:31 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-12 20:31 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\sspicli.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-12 20:31 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-12 20:31 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-12 20:31 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-12 20:31 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-12 20:31 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-12 20:31 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-12 20:31 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-12 20:31 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-12 20:31 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-12 20:31 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-12 20:31 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-12 20:30 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-12 20:30 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-12 20:30 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-12 20:30 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-12 20:30 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-12 20:30 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 
2015-05-12 20:30 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-12 20:30 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-12 20:30 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-12 20:30 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-12 20:30 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-12 20:30 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-12 20:30 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-12 20:30 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-25 12:03 - 2015-02-28 12:53 - 00000000 ___DC () C:\FRST 2015-05-25 11:56 - 2010-04-21 17:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-25 11:40 - 2012-07-25 17:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-25 11:15 - 2010-04-15 21:01 - 01190910 _____ () C:\Windows\WindowsUpdate.log 2015-05-25 10:22 - 2012-01-07 18:27 - 00001134 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job 2015-05-25 10:22 - 2012-01-07 18:27 - 00001112 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job 2015-05-25 09:56 - 2010-04-21 17:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-25 09:50 - 2015-02-28 13:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-25 09:35 - 2010-04-15 22:27 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\uTorrent 2015-05-25 09:28 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-25 09:28 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-25 09:27 - 2010-04-15 21:44 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-05-25 09:20 - 2012-07-25 17:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-25 09:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-25 09:17 - 2012-07-25 17:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-25 09:17 - 2011-05-25 07:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-25 09:16 - 2010-04-17 13:45 - 00000000 ____D () C:\Users\Bene\AppData\Local\Adobe 2015-05-24 10:25 - 2009-07-14 19:58 - 28654976 _____ () C:\Windows\system32\perfh007.dat 2015-05-24 
10:25 - 2009-07-14 19:58 - 08998272 _____ () C:\Windows\system32\perfc007.dat 2015-05-24 10:25 - 2009-07-14 07:13 - 00006308 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-24 09:41 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-23 11:58 - 2011-11-12 15:33 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\vlc 2015-05-23 10:11 - 2012-04-30 10:11 - 00000000 ____D () C:\Users\Bene\Documents\Körperstolz 2015-05-23 10:08 - 2010-04-15 21:42 - 00000000 ____D () C:\Program Files (x86)\CCleaner 2015-05-23 09:35 - 2010-05-08 11:56 - 00000000 ____D () C:\Program Files (x86)\SopCast 2015-05-22 09:11 - 2010-05-18 13:09 - 00000432 _____ () C:\Windows\BRWMARK.INI 2015-05-21 18:18 - 2012-05-03 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-20 08:16 - 2015-04-05 21:28 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-05-20 08:16 - 2015-04-05 21:28 - 00000000 ___SD () C:\Windows\system32\GWX 2015-05-19 19:41 - 2012-09-16 14:26 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch 2015-05-18 20:32 - 2010-02-25 22:41 - 00000000 ____D () C:\Users\Bene\Documents\Verschiedenes 2015-05-18 08:04 - 2015-02-28 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-18 08:04 - 2015-02-28 13:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-17 10:14 - 2013-12-19 13:49 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\JAM Software 2015-05-17 09:51 - 2010-04-21 17:31 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 09:51 - 2010-04-21 17:31 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-16 17:42 - 2010-04-15 22:19 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\DAEMON Tools Lite 2015-05-16 17:40 - 2014-10-19 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-05-16 17:40 - 2014-10-13 12:25 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Rosetta Stone 2015-05-16 17:40 - 2012-09-23 16:51 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player 2015-05-16 16:15 - 2013-01-02 20:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-12 21:47 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-12 21:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-12 20:44 - 2011-01-25 21:06 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-05-12 20:44 - 2010-04-15 22:16 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-12 20:43 - 2011-01-25 21:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-05-12 20:43 - 2011-01-25 21:05 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-12 20:42 - 2013-07-23 09:36 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-12 20:36 - 2010-04-17 09:08 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-12 15:12 - 2012-05-20 00:46 - 00000000 ____D () C:\Users\Bene\Documents\Deutsche Kreditbank DKB ==================== Files in the root of some directories ======= 2010-03-25 18:42 - 2010-03-25 18:42 - 0388096 _____ (Trend Micro Inc.) 
C:\Program Files (x86)\HiJackThis.exe 2011-12-17 13:34 - 2011-12-17 13:34 - 0000288 _____ () C:\Users\Bene\AppData\Roaming\.backup.dm 2013-08-10 13:14 - 2013-08-10 13:14 - 0000132 _____ () C:\Users\Bene\AppData\Roaming\Adobe BMP Format CS5 Prefs 2010-08-31 16:54 - 2010-08-31 16:54 - 0109248 _____ (Microsoft Corporation) C:\Users\Bene\AppData\Roaming\MSWINSCK.OCX 2011-09-24 22:29 - 2011-09-24 22:29 - 0001456 _____ () C:\Users\Bene\AppData\Local\Adobe Save for Web 12.0 Prefs 2011-06-28 20:27 - 2012-06-30 20:36 - 0019968 _____ () C:\Users\Bene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-01-03 12:13 - 2011-08-06 13:46 - 0007631 _____ () C:\Users\Bene\AppData\Local\Resmon.ResmonCfg 2010-04-17 11:47 - 2010-04-17 11:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-25 11:41 ==================== End of log ============================ |
25.05.2015, 11:53 | #2 |
| PC crashes regularly
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by at 2015-05-25 12:04:01
Running from C:\Users\Bene\Desktop\Neuer Ordner (2)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2058888408-2479665750-2358759828-500 - Administrator - Enabled) => C:\Users\Administrator
Bene (S-1-5-21-2058888408-2479665750-2358759828-1001 - Administrator - Enabled) => C:\Users\Bene
Gast (S-1-5-21-2058888408-2479665750-2358759828-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2058888408-2479665750-2358759828-1014 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - ) AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.) Akamai NetSession Interface (HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Allway Sync version 10.5.8 (HKLM-x32\...\Allway Sync_is1) (Version: - Botkind Inc) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) At the Cutting Edge (HKLM-x32\...\At the Cutting Edge_is1) (Version: - ) ATI AVIVO64 Codecs (Version: 10.10.0.40918 - ATI Technologies Inc.) 
Hidden ATI Catalyst Install Manager (HKLM\...\{857A474F-2485-BC1B-168C-BD396012C30E}) (Version: 3.0.762.0 - ATI Technologies, Inc.) ATI Catalyst Registration (x32 Version: 2.01.0000 - ATI Technologies Inc.) Hidden AVG 2012 (Version: 12.0.1913 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2178 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2180 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2193 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2195 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden AVG 2013 (HKLM\...\AVG) (Version: 2013.0.2805 - AVG Technologies) AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.2793 - AVG Technologies) Hidden Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - ) Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION calibre (HKLM-x32\...\{62B6B7C3-E75B-49E6-A351-6CDD99C39A61}) (Version: 0.9.19 - Kovid Goyal) CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.) Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.) Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) 
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.) ccc-core-static (x32 Version: 2010.0202.2335.42270 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev) ComunioCalci 1.5.1 (HKLM-x32\...\{FDA3AF83-4C36-4D9C-89C4-A5C71E2CF997}_is1) (Version: - shagyou) Convert AVI to MP4 1.3 (HKLM-x32\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version: - convertavitomp3.com) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) Digitale Schulbücher (HKLM-x32\...\{DE24A5DA-8CE2-4BF8-AE5E-125FBC70BE9B}) (Version: 1.1.0.65 - VBM Service GmbH) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Free YouTube Download 2.9 (HKLM-x32\...\Free YouTube Download_is1) (Version: - DVDVideoSoft Limited.) Gigabyte Raid Cinfigurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google) GooReader (HKLM-x32\...\{FF357FB1-41AA-4C8A-BAC3-0B309E9798D2}) (Version: 2.0 - GooReader) HydraVision (x32 Version: 4.2.114.0 - ATI Technologies Inc.) Hidden Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Klett Software Sicher ins Abitur (HKLM-x32\...\Klett Software Sicher ins Abitur) (Version: - ) Lehrer-Software Notting Hill Gate 3B (HKLM-x32\...\Lehrer-Software Notting Hill Gate 3B) (Version: - ) Lyrics Plugin for Winamp (HKLM-x32\...\{75E9A522-65D2-4200-A95F-C3EF89703263}) (Version: 0.4 - Lyrics Plugin) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 
8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyScript HWR (German) (HKLM-x32\...\{415CD877-0970-4CB6-B178-1E72F7DC60E7}) (Version: 4.4.5.1 - SMART Technologies ULC) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.14.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.14.0 - NEC Electronics Corporation) Hidden NVIDIA PhysX 
(HKLM-x32\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA) Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.1 - Frank Heindörfer, Philip Chinery) PDFZilla V1.2.11 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version: - IDM) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.) 
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) SMART Common Files (HKLM-x32\...\{BBA07B40-F7C6-44F7-BF08-767F8835685F}) (Version: 11.4.194.0 - SMART Technologies ULC) SMART German Language Pack (HKLM-x32\...\{603E8F13-20D9-4367-81F2-CF6E22D05DA9}) (Version: 11.3.29.0 - SMART Technologies ULC) SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC) SMART Notebook (HKLM-x32\...\{E57F6C8B-E159-477E-93BF-764759747BC4}) (Version: 11.3.857.0 - SMART Technologies ULC) SMART Product Update (HKLM-x32\...\{8D4B716A-0ABE-4238-9090-D208E5F57A5E}) (Version: 5.0.108.0 - SMART Technologies ULC) SMART Produkttreiber (HKLM-x32\...\{589B09F5-0768-4BE9-B8C0-DD253E6B3643}) (Version: 11.3.550.0 - SMART Technologies ULC) SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com) SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - ) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spotify (HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.4.3.21029 - Blizzard Entertainment) Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tesseract-OCR - open source OCR engine (HKLM-x32\...\Tesseract-OCR) (Version: 3.02.02 - Tesseract-OCR community) The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) 
Hidden The Rosetta Stone (HKLM-x32\...\The Rosetta Stone) (Version: - ) TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks) vDownloader Packages (HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\vDownloader Packages) (Version: - ) <==== ATTENTION Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) WD SmartWare (HKLM\...\{6F482C75-174D-42EB-A2CF-B00A1F354F7B}) (Version: 1.4.1.1 - Western Digital) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) WinX Free AVI to MP4 Converter 4.0.6 (HKLM-x32\...\WinX Free AVI to MP4 Converter_is1) (Version: - Digiarty Software,Inc.) 
==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 23-05-2015 21:39:44 Windows Update 24-05-2015 21:07:03 Wiederherstellungsvorgang ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01FB23D4-0705-4D28-BEC8-4C0FC0FDFEEB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {113A608B-2F17-4125-9B88-991F7DED31F2} - System32\Tasks\{8B1D292D-2914-4AA3-BCBC-9FE908B6FA97} => pcalua.exe -a "C:\Program Files (x86)\StreamTorrent 1.0\uninstall.exe" Task: {13A015D2-E736-47CF-98C2-29E3B290DBA2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {29BB99AA-BFDF-4F7F-B675-A1E89142B939} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-25] (Adobe Systems Incorporated) Task: {35BCE82B-89C7-401D-9A0D-EC36EA2155C8} - System32\Tasks\FrontLine Registry Cleaner Scheduled Scan - Bene => C:\Program Files (x86)\Frontline Registry Cleaner\REGCLEANER.exe Task: {39AE87D7-3AE6-4311-89CA-85E8CDAF1831} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) 
Task: {46ED0861-2531-458B-8BE3-F19272A99F94} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Szucia.exe Task: {517E3F93-F287-4CFA-B353-75843DBF4365} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd) Task: {5951FCD3-A3A7-40ED-A42F-25256B80229D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {60F5DBFC-77F6-4A86-A579-86FAFF72FEB9} - System32\Tasks\Bene NBAgent 15 0 => C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe Task: {6AF0D6C0-DEDB-40C3-B2A4-790D8227F473} - System32\Tasks\{A09F4D61-F3DA-4CAE-9D42-1A230292C43C} => pcalua.exe -a C:\Users\Bene\Desktop\template_italien.exe -d C:\Users\Bene\Desktop Task: {8BD55A68-0FF4-4417-8ACF-A0B6B81C65BA} - System32\Tasks\{B7E44C94-1876-437B-8A2E-E746911C8E79} => pcalua.exe -a D:\Downloads\irfanview_plugins_430_setup.exe -d D:\Downloads Task: {99C9EB3C-D579-4ACA-9F3B-0AC31A7B411D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) Task: {9A06DA48-887A-4EA4-9939-DE2421B9F645} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe [2015-05-25] (Adobe Systems Incorporated) Task: {A4DEBC80-80B3-4C62-8C3F-F5EDB03A4F7A} - System32\Tasks\Opera scheduled Autoupdate 1432538089 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software) Task: {B2813C45-2182-438B-8847-21F07446211D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) 
Task: {B55F1077-438F-47DB-A40F-C21738F2869D} - System32\Tasks\{FF9EE5E2-1D95-4F78-9EC0-2DFECC036871} => pcalua.exe -a F:\setup.exe -d F:\ Task: {C0FF2D93-882C-4367-AD2D-16D741A30142} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {CD0E08A7-1647-4472-8F08-6F3D33AE7C78} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {DA3545A3-021B-4E04-9C48-B38C72F60F2E} - System32\Tasks\{0A436A0A-962C-461C-8033-6CF892A2762D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?source=lightinstaller&page=tsBing Task: {F5E9D5F9-50C0-44C5-9B12-8284F8CF8D7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Bene.job => C:\Program Files (x86)\Frontline Registry Cleaner\REGCLEANER.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2011-05-22 12:14 - 2005-03-12 01:07 - 00087040 _____ () 
C:\Windows\System32\pdfcmnnt.dll 2010-06-19 21:29 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2010-04-15 21:24 - 2009-08-06 07:51 - 00065536 ____R () C:\Windows\SysWOW64\XSrvSetup.exe 2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-04-15 21:37 - 2010-04-15 21:37 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-09-08 11:45 - 2010-09-08 11:45 - 01034752 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe 2010-09-08 11:44 - 2010-09-08 11:44 - 00485376 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe 2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files (x86)\CCleaner\lang\lang-1031.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-05 11:24 - 2010-03-05 11:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\System.Data.SQLite.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\Software\Classes\.exe: => <===== ATTENTION! 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) There are 5773 more restricted sites.
==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Bene^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Bene^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common
Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Bene\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: Facebook Update => "C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: lollipop => "c:\users\bene\appdata\local\lollipop\lollipop.exe" lollipop MSCONFIG\startupreg: PC Speed Maximizer => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: sbsdk-server => "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" MSCONFIG\startupreg: SMART Board Service => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d MSCONFIG\startupreg: SMART Board Tools => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe" MSCONFIG\startupreg: SMART Floating Tools => "C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe" MSCONFIG\startupreg: SMART Ink => "C:\Program Files (x86)\SMART Technologies\Education 
Software\SMARTInk.exe" -a MSCONFIG\startupreg: SMART SNMP Agent => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe" MSCONFIG\startupreg: SMARTNotification => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe" MSCONFIG\startupreg: Spotify => "C:\Users\Bene\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bene\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot MSCONFIG\startupreg: VDownloader => "C:\Program Files\VDownloader\VDownloader.exe" /silent ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [TCP Query User{D843B4D3-5F51-4723-A7C7-E5E2E994191E}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [UDP Query User{01D36DD1-840C-4670-9D93-14408D1CC43C}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [{2FEFC434-44D6-48BA-B664-A4459CC4D6CC}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{29A76C6C-F87D-4498-8707-C4780CF004A7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{1BE2B5C4-B2C3-4C52-A81C-A8AF13244F35}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [UDP Query User{14EA8528-3238-4C41-8C52-2284D5F98A5D}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [{2D64331F-6D0F-4841-8584-E081E9E8D5AF}] => (Block) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [{63A31D00-D2F6-4B94-80DD-99B57FC208CB}] => (Block) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [TCP Query User{4922841C-3EFB-4FB8-9335-A26ED83E281A}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe FirewallRules: [UDP Query User{9626D592-5861-4D8B-9439-40154A53F146}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe FirewallRules: [{8C029300-CE15-4036-8EE6-81E0AF9975E4}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{3817DCE6-EC3D-4AA6-B717-2769E87AF47D}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [TCP Query User{D174D1D8-D6F8-423A-AA7E-AAF6450C1204}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe FirewallRules: [UDP Query User{F5844998-EA19-41BF-A22E-DEE0D0F377F4}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe 
FirewallRules: [TCP Query User{95B24415-5638-4119-9245-89B1FD6642F2}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [UDP Query User{DADB59C9-D4F1-4712-81BB-1018094B74F6}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [{A3E7187E-B034-4E7E-8342-915FF2177883}] => (Block) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [{8489A0D4-593B-48E4-AC48-FD5C7CFC6E96}] => (Block) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [{9C66A541-8884-45B7-9DE2-3215162B98AC}] => (Block) C:\program files (x86)\sopcast\adv\sopadver.exe FirewallRules: [{D37085D8-0D25-4D0E-8BF6-42BE12F7CE4B}] => (Block) C:\program files (x86)\sopcast\adv\sopadver.exe FirewallRules: [{85D39ED4-6BDF-4350-9775-BF8211C293AF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{1F000C96-11C6-4E33-9EE0-6420EC9779D4}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [TCP Query User{A98A3B5D-1C68-4EF9-A9ED-4C0BBED70AD6}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe FirewallRules: [UDP Query User{A29DC7C5-9654-4F44-9705-6A3F2FFBAD02}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe FirewallRules: [{EB7F6FEC-36B2-48D2-A0A4-1A659283F71C}] => (Allow) C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe FirewallRules: [{F2D3D916-734C-43EE-BD25-4CFC26D43495}] => (Allow) C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe FirewallRules: [TCP Query User{4DF31695-C7C2-4401-B5C9-670FFC8445F1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe] => (Allow) C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe FirewallRules: [UDP Query User{F37C5C6E-C590-4593-8E91-036A3EB73AF2}C:\program files 
(x86)\starcraft ii\support\blizzarddownloader.exe] => (Allow) C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe FirewallRules: [{19A1A3A8-6DEE-4A28-9168-9D44851FDCB0}] => (Block) C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe FirewallRules: [{6C5711FC-0ECF-4B23-A7AA-AF0413BA7410}] => (Block) C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe FirewallRules: [TCP Query User{EC4725F9-CDEE-43E8-8CAB-573E08DEBE0A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{9C366134-E842-4D7F-8C98-745915390798}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{C27C9CD9-B086-470A-8BCA-6D4BCAAA0066}] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{51E6E2A5-3E21-4F93-9828-152E2EA4F36C}] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{556628F7-71F9-4339-B0C3-6D73591869B1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{3E5EDDF5-4EAA-41D6-8412-A73C48B130C2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{6C5A3C64-1033-4362-9985-97CD370F748F}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{6B452E67-C11A-4D06-A818-C0411A01C48B}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [TCP Query User{11137FE6-063B-44C2-A3B4-BFE0FB7F4300}C:\program files (x86)\starcraft ii\starcraft ii.exe] => (Allow) C:\program files (x86)\starcraft ii\starcraft ii.exe FirewallRules: [UDP Query User{A1DF2D92-3327-469E-BEC6-F09B8E3D12ED}C:\program files (x86)\starcraft ii\starcraft ii.exe] => (Allow) C:\program files (x86)\starcraft ii\starcraft ii.exe 
FirewallRules: [TCP Query User{3929C904-04E6-481D-85C0-245FA7DDD957}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe FirewallRules: [UDP Query User{7F9C1879-020B-4DD6-AE99-2D3CA651BE64}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe FirewallRules: [{743DE810-FC17-43FF-9069-1A1E4BA33C57}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3E4CC361-3137-41AE-86CF-17677E3B8DAA}] => (Allow) LPort=2869 FirewallRules: [{A3A2434C-B3E7-4AA3-A4A7-7FE5216EAD7F}] => (Allow) LPort=1900 FirewallRules: [{3CBA40EF-BAB9-4F9A-8740-7A0A1153279C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [TCP Query User{F85D8056-0EA6-4C5E-B4EB-9DC5E4887EBF}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [UDP Query User{F501DBDC-1876-4447-8B1F-E9058EF39C0E}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [TCP Query User{91B23A24-FB2C-4C3D-A435-E0AE5F6458B3}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [UDP Query User{41343117-962E-41DE-B993-08EA151B4049}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [TCP Query User{A5084ECD-78BD-4509-80CA-53DE1D61C7E7}C:\program files (x86)\tvuplayer\tvuplayer.exe] => (Allow) C:\program files (x86)\tvuplayer\tvuplayer.exe FirewallRules: [UDP Query User{79118D6C-885B-449F-A77E-EC3679BBCF34}C:\program files (x86)\tvuplayer\tvuplayer.exe] => (Allow) C:\program files (x86)\tvuplayer\tvuplayer.exe FirewallRules: [{7B213084-906C-4050-A612-84E7140E0648}] => 
(Block) C:\program files (x86)\tvuplayer\tvuplayer.exe FirewallRules: [{90A5074C-DF15-444B-9868-C56B237B1A16}] => (Block) C:\program files (x86)\tvuplayer\tvuplayer.exe FirewallRules: [TCP Query User{1FA3BEF2-3619-4728-B624-E650CBFABF54}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{6C1647F5-3662-4A5D-99D9-1D2DEFCE15A0}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{33E0AEF5-A4E9-40BD-910F-56310A869485}] => (Allow) E:\AliceSetup.exe FirewallRules: [{FBA11FAE-AF1E-4240-BB7B-1D4A6D306721}] => (Allow) E:\AliceSetup.exe FirewallRules: [TCP Query User{9F9AD9E6-84C6-4910-885C-D3A0B1BF0F38}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [UDP Query User{02194056-7F43-4526-BD6A-E57BE743211D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [{DBA582D7-776A-4D0F-893F-459703E13CF9}] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [{18BD4D54-1BF4-4EFF-A2CB-3998FCFE1BAB}] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [{2296147F-C3F7-447A-931B-503E0504C28B}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe FirewallRules: [TCP Query User{555C3EA9-BD0D-4BC1-8F44-2FF02121472D}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe FirewallRules: [UDP Query User{CD4287EB-0910-4F35-93BA-9876854B1DC8}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe FirewallRules: 
[{AB0639C6-D4D2-4782-A7E6-F82559AB305D}] => (Allow) C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe FirewallRules: [{0154113F-98CA-4C3C-A952-09FA731050DD}] => (Allow) C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe FirewallRules: [TCP Query User{9DFDAA12-2210-4C48-8631-9854B17EB237}C:\users\bene\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bene\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{D240C1C8-09A4-4435-AC89-B19C1328684F}C:\users\bene\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bene\appdata\local\akamai\netsession_win.exe FirewallRules: [{37A5E771-C8D2-4B40-9C9B-2C707C1E35D6}] => (Block) C:\users\bene\appdata\local\akamai\netsession_win.exe FirewallRules: [{C6C3660E-A22A-4562-B4B6-1172A5689E8E}] => (Block) C:\users\bene\appdata\local\akamai\netsession_win.exe FirewallRules: [{A8E28D94-D18A-4AA6-9C8A-F8D3EB30B0A0}] => (Allow) C:\Users\Bene\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [TCP Query User{1AD82EC3-FE0D-4B8E-A999-7662994A1499}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe FirewallRules: [UDP Query User{C1C4D5D5-CE9E-42EA-90A5-17F60B762A66}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe FirewallRules: [{70315441-4063-45CD-9C0C-A3F187EA6185}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{55DF8F9F-2DD3-425B-8164-F35B95BEC065}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{FB6492E0-AB67-48D8-8B10-1B92E881E96F}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{8C64E472-A5E4-4F46-9AF2-329A91340E69}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{BF486187-EC9A-4B9D-A961-0F2410B16EB4}] => (Allow) C:\Program Files 
(x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{2BA211D1-6493-4872-9ED0-D0E1055EE180}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{BA1D4679-9F58-4E31-A677-CE40B6A84885}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{99BC6303-8D41-4520-B0C4-ED8606E60375}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{51003424-229C-4664-9B5A-6237322D9BD0}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{473D03B8-6E6D-46FD-970F-2A2B39AAC50D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{41E8CB64-1CB8-4A3E-94B7-72A972EA8951}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{2D093579-5CF6-4371-8466-BEC1AAAB13DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{60B106CC-60BD-43E4-9705-6C4C308B924D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CBEB99C9-0906-40AE-AF62-370CB48C2418}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{1BA72F6F-70E8-4BFB-ACDE-6B967A0E0CD5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [TCP Query User{A4221A6F-EED6-429E-B36A-7D477C017D6B}C:\users\bene\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bene\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{4E83E4B9-6B0F-4B54-9F90-FB9E674A1B11}C:\users\bene\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bene\appdata\roaming\spotify\spotify.exe FirewallRules: [{B295299D-1FE1-4386-82DB-D00EF015177C}] => (Block) C:\users\bene\appdata\roaming\spotify\spotify.exe FirewallRules: [{C84B547A-8217-432E-88E6-65D255CDCB82}] => (Block) C:\users\bene\appdata\roaming\spotify\spotify.exe FirewallRules: [{18840E1A-DA1E-4FA7-B12C-716A4614C787}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{1E042D43-FA70-4029-90B2-46FE9B1F1909}] => (Allow) C:\Windows\SysWOW64\muzapp.exe 
FirewallRules: [{9159569B-FC06-4D88-9DC3-8D6E9532DE13}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe FirewallRules: [{C4D8AC87-8A6C-459D-8415-DB23D0DFD369}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe FirewallRules: [{54A947F0-795B-4234-98FE-6D196DD758DB}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe FirewallRules: [{C681084F-F226-4CC7-A7A2-15BA3C189345}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe FirewallRules: [{AA17F77C-C65A-46EC-8FCE-404E98B2C64C}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe FirewallRules: [{831331E4-8EF3-40FC-9B2B-C07DB52AAA51}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe FirewallRules: [{71969024-C6F0-4F62-8632-5941D4D651E6}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe FirewallRules: [{D1DE3663-1907-4421-98F7-3FFCE678ED95}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe FirewallRules: [{D74F1BA6-7A5B-42EA-9E91-579DE5F0A504}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe FirewallRules: [{72AE8C43-3F63-474B-98CB-8DD5BB20D3EB}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe FirewallRules: [{14822A7D-7524-4FD0-B7DA-E736757EF09A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{6362272A-DC91-47DB-98A4-220F19FE8EF1}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\BackItUp.exe FirewallRules: [{A73EA5E3-58C3-4C90-BDA9-DD2942652DAA}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\BackItUp.exe FirewallRules: [{21FB9A72-A014-4FFD-B037-20D9B1A5909E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5C125B9C-5EEB-4E54-9FEC-E708DD126769}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero 
BackItUp\NBService\NBService.exe FirewallRules: [{66A4650F-74CB-4EB1-B4B1-A60C18DD723D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8722310E-6001-4F48-8C74-6D22605BD8DD}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5B6D9EE0-2E47-4AD8-951F-B0FBC084998F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{162E11F7-E1A9-412B-B6FF-475F7AA75F41}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5EE5C28F-CD60-4688-9C01-962BB426A169}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{9CE6BD1F-95A1-472D-9930-ED77B8225C5E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{71C41DB2-0947-4A1A-9B66-35AF8C20154F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{4A7B3664-5759-44C2-88D4-194609F64A6A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{803A2851-D1B9-4410-99E2-DC8317AAA380}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{AEE15BFC-0C24-4E7D-AF6C-B92F9A878EF8}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{1162FD64-0784-4C77-8223-0776089A28C4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{E350985C-7F06-4905-B988-A886156F98A7}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{B91D171A-B528-4510-A050-E24F3A245C4B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{25144524-EDFE-4DA1-8979-2020CF8CE843}] => (Allow) C:\Program Files (x86)\Nero\Nero 
2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{2DB5963A-D981-4BB3-8B97-9716B298DF70}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{1B6E5399-1304-44F5-827B-57BE3B80A087}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{21AA41C3-1091-49A6-A3FE-A27ED736A76A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{93EBD48D-5862-4A6E-B080-13FD7FD8D84B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{84BEE9EC-2160-4927-BCE0-901E1D5C4475}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{AC3B6AB4-5CDA-4591-B9D7-E1104C80D682}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{DF9F5BD2-C461-4C97-9757-8F4E1B5177B9}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{B3AFA6C0-FB2F-4559-AD13-2C63160B216E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{A2C8F448-5B52-4C56-A00C-16A6ED1DF324}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{3971F6FB-CE5F-40D9-9690-9AC62F49F6C9}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{CFB9EE1D-B9BC-4E3B-B8EB-B95AF7F4C8DB}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{00965370-B8C7-432A-ACE7-39CF7D5AD4CC}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{ADB7FD5D-A5B0-4318-8526-FDC6497A86EF}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{4CF4F8AE-E51B-41FD-A677-1AFE18573FC9}] => (Allow) C:\Program Files 
(x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{618B9538-7D57-46C1-A755-5AB6BD7C29BF}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{3D613248-91B6-4256-B0C4-9DC88A714796}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{89B3F129-D75F-4726-A6A0-BB7C9EF9A88F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{0E87771A-832E-4EA3-9159-78BCB1CCA2B6}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5A5E9EE8-2B80-4DC3-8C5A-B0329E13A1D3}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{15FC5AF6-3811-42CE-9C3A-9AE3763EF22A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{F21A4CC8-8BDC-438F-A242-0CD1B38B487A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{E97C50CF-4580-410F-8475-CC1CF14A0A64}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{423D723C-9BAC-44DD-A28E-B4D294C471F1}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{D70982F5-80DA-411F-8B34-22F19EA2338A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8E7A13F3-4B02-42D0-BC96-45989F4A4F41}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{505EAC42-7424-4BF3-9112-70BCF17A94BD}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{D70E861A-3872-4B23-B5BD-683A2C794685}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{C36790A2-2EE2-4394-981A-4BA5A2F461EA}] => (Allow) C:\Program 
Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8CE952FC-6E0B-471C-9467-2913669E053E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{CC64DEB9-9F94-4C7A-8133-651BE39FED53}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{E3CE0D92-53F2-4392-AE79-988B99C2C3E4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{1F4348A6-31B5-4FD4-AC32-079A9526989C}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{D91A78E7-08D4-461E-B905-10501C29E3B5}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{FBBD0627-5E9D-4121-A6FA-8843BB62B517}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{F1FC2B33-9EDE-459F-BF4F-8D80F885426E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{6F17FAC0-4093-4835-A704-3CE2DAD24335}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{A43C5DB4-42E0-41ED-BB9F-7CBF17A5B16B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{078500A1-B717-4773-B96E-3788DB42C22A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{1A2654DB-1D87-4F3B-8F04-3F1C49CB4AE1}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{2077D459-3348-4A02-ACED-F2C936B54775}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8FDD40B6-0B28-4A18-8E18-AB8149CBF829}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{ECE39D3C-4E27-49D3-9869-ADD0EB252C1C}] => (Allow) 
C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{B0CE7E59-AA63-4520-99C5-209027AC8D5F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{FFF31E17-DC3B-4A4F-B9AB-54F0EBF09EAB}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{4066FF01-D83F-487E-BBF2-5437925DFCA3}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{61FA4CF5-FC7D-4AC1-84F8-BC87EE0319FF}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{DB15DF42-3274-44C5-BC0B-E1EA778BA307}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{335E19B5-292B-4024-8A51-6E57C56B7829}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{CD52912C-ABFC-474F-92DD-0ECED37F8F4A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{A8FD1575-33E1-4820-9597-DC4FE344D34E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{AEDA11C0-5AB3-4B05-81E0-60844DFBBCDB}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{436F3EE7-CB26-4602-B077-349A854E7156}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{2619F447-B6DF-442F-9B96-1F69B3EA7F3B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{3CE3A11B-3E2F-41A2-9217-BF6FC1F901C2}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{923655CB-2DFE-4A69-883E-0E5264A47C21}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{3E147A1D-931F-402E-A583-8D99720AA23F}] => 
(Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{E83C0344-B78C-47B9-AFE4-8204830A78A9}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{ECADE6E3-0529-4DAE-B635-6FBB05D27A9C}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{C7EB8302-53D8-42E2-99B8-A600C1C62377}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{2075A672-FDEE-4A64-8900-F808199D5F43}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{B10F1986-8F4E-4ABC-8D7B-FE7C7C875536}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{7A028AE3-7A0B-4228-86B8-AD1C2D903A17}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5E4AC8F1-F145-4FDB-9267-E9AB14A45432}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{4EF2F9DC-70CA-4271-99F8-E90183B16C36}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{E33C8EFD-DE24-4F51-9BDF-F84EC2B13800}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{147F18DD-893E-46AE-A963-3A07BE0A5062}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{CFE79706-AE93-4EC3-A104-ED9B8F440A18}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{2DB846ED-7DA4-4AFF-8671-098D8352AF97}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{FA6F9E88-165F-41FD-B62A-C45014E8063F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{9A6CDEFD-D2CB-44EE-89FE-E84C8AD0F3AC}] 
=> (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{4426E50C-8DC6-4F05-ACBF-250AE2FD2D01}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{4BD47A97-A350-49E9-8665-AD024FA52B0D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{1B781CE9-B763-498D-93A7-D68153CB45D4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{B0E1BA6E-C11B-447F-BC9A-943ACBE4371D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{82A8627C-63D5-422D-B80E-0242BE31012B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{1FA50F55-1377-4146-AEDE-F844C5B76434}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{AD02F91B-E284-4D93-B138-D0202E15F4CE}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{F128269C-A541-492D-81A5-BE0D5E1608D9}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{51E45F65-4276-4630-A60E-9C3830A67793}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{1E6DC3C4-74A1-4C99-8D93-DBE511F06BCE}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{D7901FD4-79DB-47CC-A4DD-A672EDD77C38}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{ED54139C-1DD4-4BAC-845D-FF15BA178E57}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5D909E09-76D7-40E0-9681-3ED2EE4BD668}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: 
[{A5C2F50C-51D4-49E5-BECD-E02E8BEDCCAA}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{4AD2D853-EFC4-4DCA-A538-17289290B1D1}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{963CC360-606A-4A84-9794-E9302FF33CF4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5D28F85D-2550-453C-80B2-EADBCCEE6290}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{443C10B5-C1E4-41BA-B259-C8EDB36FD088}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{7334F4C3-C112-4AE9-AF7D-80ABD06B2626}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{0F57633A-6353-4BE2-AEF0-A37D1086DDB5}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{E80B998E-C65D-433A-A68F-8ABD78EC1F1F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{C532F21B-D608-46F9-8177-B711AE8FAE8D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8639BDBE-12BD-43FE-B585-80C0E9741BA8}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{01DE4C5F-103A-43EF-A9E0-0F5A92746773}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{7C150231-2DCC-40E5-836D-DCAFDA579E10}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{CB787287-32D7-42A0-B575-C283BC606B7D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{F6C14CA0-7E1C-4516-B7A9-EB42E6A1BD4E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe 
FirewallRules: [{CFE70C50-F9F3-48F7-88D3-8BEDFB73E44E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{E4C9FBBA-5638-4AE6-A736-5748D8CA5DF6}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8898AED8-41D4-4351-AB17-1E302517B85D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{0E6DA300-FC29-48EF-B200-477D2D78C30E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{C41C51CA-B658-488A-BF13-3668F1FAF448}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8427F0FF-9607-4DAE-B67A-762372919566}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{3AAEA944-77F5-48E4-9FDA-A6B11F4674A0}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{3F07A7CB-F74F-4306-B6A5-11C4E8770EF5}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{09163CEE-BB05-49F5-806A-B7A67D1C7E3C}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8919816D-1746-4C4F-A9D7-0466C9CD2D33}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [TCP Query User{8B36116D-B853-4FE1-80A1-F9E305395FC6}D:\downloads\ratiomaster.net.exe] => (Allow) D:\downloads\ratiomaster.net.exe FirewallRules: [UDP Query User{5F6F94A9-06FD-4CAC-AE57-4B4B6F1362B4}D:\downloads\ratiomaster.net.exe] => (Allow) D:\downloads\ratiomaster.net.exe FirewallRules: [TCP Query User{32171C11-C0E9-4F02-9E7A-C2FAEE77CF11}D:\downloads\mratio.exe] => (Allow) D:\downloads\mratio.exe FirewallRules: [UDP Query User{662BB4CE-4360-4590-8748-BEA1EF2C4A8C}D:\downloads\mratio.exe] => (Allow) D:\downloads\mratio.exe FirewallRules: 
[{48E0A8E8-3645-4610-B759-5EC100BA017B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62C75188-603C-49B4-8730-98A3C842D165}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 11:44:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/24/2015 09:12:34 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Die Systemwiederherstellung wurde nicht ausgeführt, da das System neu gestartet wurde, ein Stromausfall aufgetreten ist oder das System nicht mehr reagiert. Zusätzliche Informationen: (Windows Update).

Error: (05/24/2015 09:10:00 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Die Systemwiederherstellung wurde nicht ausgeführt, da das System neu gestartet wurde, ein Stromausfall aufgetreten ist oder das System nicht mehr reagiert. Zusätzliche Informationen: (Windows Update).

Error: (05/24/2015 08:45:20 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (05/24/2015 05:44:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/24/2015 10:25:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/24/2015 10:25:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/24/2015 10:25:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/23/2015 09:33:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm uTorrent.exe, Version 2.2.1.25302 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 5d8
Startzeit: 01d0958f0583b089
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\uTorrent\uTorrent.exe
Berichts-ID: 8c4063e9-0182-11e5-b9c4-6cf0490ead50

Error: (05/23/2015 09:31:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm uTorrent.exe, Version 2.2.1.25302 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 9b0
Startzeit: 01d0958ee0481f08
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\uTorrent\uTorrent.exe
Berichts-ID: 3f7a2084-0182-11e5-b9c4-6cf0490ead50

System errors:
=============
Error: (05/25/2015 09:20:26 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536805315.

Error: (05/25/2015 09:19:55 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert.

Error: (05/25/2015 09:19:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.05.2015 um 09:17:21 unerwartet heruntergefahren.

Error: (05/25/2015 09:08:28 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536805315.

Error: (05/25/2015 09:08:24 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver. Dieser Dienst ist eventuell nicht installiert.

Error: (05/24/2015 09:12:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/24/2015 09:12:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/24/2015 09:12:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/24/2015 09:12:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/24/2015 09:12:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office:
=========================
Error: (05/25/2015 11:44:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/24/2015 09:12:34 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Windows Update

Error: (05/24/2015 09:10:00 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Windows Update

Error: (05/24/2015 08:45:20 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (05/24/2015 05:44:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestD:\Downloads\esetsmartinstaller_deu.exe

Error: (05/24/2015 10:25:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/24/2015 10:25:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/24/2015 10:25:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/23/2015 09:33:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: uTorrent.exe2.2.1.253025d801d0958f0583b0890C:\Program Files (x86)\uTorrent\uTorrent.exe8c4063e9-0182-11e5-b9c4-6cf0490ead50

Error: (05/23/2015 09:31:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: uTorrent.exe2.2.1.253029b001d0958ee0481f080C:\Program Files (x86)\uTorrent\uTorrent.exe3f7a2084-0182-11e5-b9c4-6cf0490ead50

CodeIntegrity Errors:
===================================
Date: 2010-05-06 18:02:49.131
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Bene\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-05-06 18:02:49.124
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Bene\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-05-06 18:02:48.003
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-05-06 18:02:47.996
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info =========================== Processor: AMD Phenom(tm) II X4 955 Processor Percentage of memory in use: 35% Total physical RAM: 4094.49 MB Available physical RAM: 2628.65 MB Total Pagefile: 10092.7 MB Available Pagefile: 8047.66 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:127.99 GB) (Free:2.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:337.77 GB) (Free:13.22 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000001) Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=337.8 GB) - (Type=07 NTFS) ==================== End of log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-05-25 12:20:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC38 465,76GB Running: y3pt39iz.exe; Driver: C:\Users\Bene\AppData\Local\Temp\kxldqpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 755eb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 755eb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 75668f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 755c489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 75668822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 756689f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 75668718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 75668ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 755dfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 755e68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 75668fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 75668b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 756686dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 755dfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 755eb2dc 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 75668ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 75668671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 755eb21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 755eb346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 75668f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 755c489d C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 75668822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 756689f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 75668718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 75668ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 755dfca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 755e68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 75668fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 75668b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 756686dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files 
(x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 755dfd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 755eb2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 75668ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 75668671 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 755eb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 755eb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 75668f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 755c489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 75668822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 756689f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 75668718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 75668ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 755dfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 755e68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 75668fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 75668b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 756686dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 755dfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 755eb2dc C:\Windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 75668ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 75668671 C:\Windows\syswow64\kernel32.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xE6 0xAD 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0x35 0x93 0xC1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x4B 0xD6 0x37 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF8 0x35 0x81 0x34 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xE6 0xAD 0x15 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0x35 0x93 0xC1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x4B 0xD6 0x37 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xF8 0x35 0x81 0x34 ... ---- EOF - GMER 2.1 ---- |
26.05.2015, 11:56 | #3 |
/// the machine /// TB-Ausbilder | PC crashes regularly hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
27.05.2015, 18:31 | #4 |
| PC crashes regularly Thank you very, very much for the help. I found something. I look forward to further instructions: Code:
ATTFilter 19:12:07.0969 0x0d70 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 19:12:16.0799 0x0d70 ============================================================ 19:12:16.0799 0x0d70 Current date / time: 2015/05/27 19:12:16.0799 19:12:16.0799 0x0d70 SystemInfo: 19:12:16.0799 0x0d70 19:12:16.0799 0x0d70 OS Version: 6.1.7601 ServicePack: 1.0 19:12:16.0799 0x0d70 Product type: Workstation 19:12:16.0799 0x0d70 ComputerName: BENE-PC 19:12:16.0799 0x0d70 UserName: Bene 19:12:16.0799 0x0d70 Windows directory: C:\Windows 19:12:16.0799 0x0d70 System windows directory: C:\Windows 19:12:16.0799 0x0d70 Running under WOW64 19:12:16.0799 0x0d70 Processor architecture: Intel x64 19:12:16.0799 0x0d70 Number of processors: 4 19:12:16.0799 0x0d70 Page size: 0x1000 19:12:16.0799 0x0d70 Boot type: Normal boot 19:12:16.0799 0x0d70 ============================================================ 19:12:18.0952 0x0d70 KLMD registered as C:\Windows\system32\drivers\50995943.sys 19:12:19.0420 0x0d70 System UUID: {A71AE4F3-3B6F-9E23-5156-864346EA4010} 19:12:20.0122 0x0d70 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 19:12:20.0122 0x0d70 ============================================================ 19:12:20.0122 0x0d70 \Device\Harddisk0\DR0: 19:12:20.0122 0x0d70 MBR partitions: 19:12:20.0122 0x0d70 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFF9D41 19:12:20.0122 0x0d70 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFF9D80, BlocksNum 0x2A38AB10 19:12:20.0122 0x0d70 ============================================================ 19:12:20.0137 0x0d70 C: <-> \Device\Harddisk0\DR0\Partition1 19:12:20.0200 0x0d70 D: <-> \Device\Harddisk0\DR0\Partition2 19:12:20.0200 0x0d70 ============================================================ 19:12:20.0200 0x0d70 Initialize success 19:12:20.0200 0x0d70 
============================================================ 19:13:51.0421 0x0d78 ============================================================ 19:13:51.0421 0x0d78 Scan started 19:13:51.0421 0x0d78 Mode: Manual; SigCheck; TDLFS; 19:13:51.0421 0x0d78 ============================================================ 19:13:51.0421 0x0d78 KSN ping started 19:14:02.0742 0x0d78 KSN ping finished: true 19:14:05.0930 0x0d78 ================ Scan system memory ======================== 19:14:05.0930 0x0d78 System memory - ok 19:14:05.0930 0x0d78 ================ Scan services =============================
0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:14:23.0587 0x0d78 elxstor - ok 19:14:23.0664 0x0d78 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:14:23.0725 0x0d78 ErrDev - ok 19:14:23.0925 0x0d78 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 19:14:24.0070 0x0d78 EventSystem - ok 19:14:24.0110 0x0d78 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 19:14:24.0158 0x0d78 exfat - ok 19:14:24.0199 0x0d78 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:14:24.0269 0x0d78 fastfat - ok 19:14:24.0434 0x0d78 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 19:14:24.0575 0x0d78 Fax - ok 19:14:24.0596 0x0d78 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:14:24.0630 0x0d78 fdc - ok 19:14:24.0673 0x0d78 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 19:14:24.0768 0x0d78 fdPHost - ok 19:14:24.0778 0x0d78 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 19:14:24.0832 0x0d78 FDResPub - ok 19:14:24.0888 0x0d78 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:14:24.0928 0x0d78 FileInfo - ok 19:14:24.0957 
0x0d78 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:14:25.0013 0x0d78 Filetrace - ok 19:14:25.0276 0x0d78 [ DFADECE1B66095F3F247ACC0EBDC5F8D, 65D8CCCE382554A4DD197AFC323D591B3D0B1C4BF13134ED6A09C9CB843E061F ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 19:14:26.0222 0x0d78 FLEXnet Licensing Service - ok 19:14:26.0267 0x0d78 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:14:26.0307 0x0d78 flpydisk - ok 19:14:26.0403 0x0d78 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:14:26.0425 0x0d78 FltMgr - ok 19:14:26.0601 0x0d78 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 19:14:26.0726 0x0d78 FontCache - ok 19:14:26.0806 0x0d78 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:14:26.0847 0x0d78 FontCache3.0.0.0 - ok 19:14:26.0903 0x0d78 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:14:26.0944 0x0d78 FsDepends - ok 19:14:26.0985 0x0d78 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:14:27.0023 0x0d78 Fs_Rec - ok 19:14:27.0103 0x0d78 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:14:27.0134 0x0d78 fvevol - ok 19:14:27.0242 
0x0d78 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:14:27.0276 0x0d78 gagp30kx - ok 19:14:27.0303 0x0d78 [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv C:\Windows\gdrv.sys 19:14:27.0447 0x0d78 gdrv - ok 19:14:27.0615 0x0d78 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 19:14:27.0682 0x0d78 gpsvc - ok 19:14:27.0794 0x0d78 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:14:27.0820 0x0d78 gupdate - ok 19:14:27.0873 0x0d78 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:14:27.0882 0x0d78 gupdatem - ok 19:14:28.0048 0x0d78 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 19:14:28.0063 0x0d78 gusvc - ok 19:14:28.0102 0x0d78 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:14:28.0177 0x0d78 hcw85cir - ok 19:14:28.0295 0x0d78 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:14:28.0321 0x0d78 HdAudAddService - ok 19:14:28.0347 0x0d78 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:14:28.0438 0x0d78 HDAudBus - ok 19:14:28.0495 0x0d78 [ 78E86380454A7B10A5EB255DC44A355F, 
11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:14:28.0554 0x0d78 HidBatt - ok 19:14:28.0576 0x0d78 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:14:28.0597 0x0d78 HidBth - ok 19:14:28.0612 0x0d78 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:14:28.0645 0x0d78 HidIr - ok 19:14:28.0700 0x0d78 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 19:14:28.0766 0x0d78 hidserv - ok 19:14:28.0798 0x0d78 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:14:28.0842 0x0d78 HidUsb - ok 19:14:28.0896 0x0d78 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:14:28.0973 0x0d78 hkmsvc - ok 19:14:29.0054 0x0d78 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:14:29.0136 0x0d78 HomeGroupListener - ok 19:14:29.0178 0x0d78 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:14:29.0272 0x0d78 HomeGroupProvider - ok 19:14:29.0325 0x0d78 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:14:29.0351 0x0d78 HpSAMD - ok 19:14:29.0473 0x0d78 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:14:29.0584 0x0d78 HTTP - ok 19:14:29.0622 
0x0d78 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:14:29.0635 0x0d78 hwpolicy - ok 19:14:29.0666 0x0d78 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:14:29.0709 0x0d78 i8042prt - ok 19:14:29.0852 0x0d78 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:14:29.0898 0x0d78 iaStorV - ok 19:14:30.0046 0x0d78 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:14:30.0103 0x0d78 idsvc - ok 19:14:30.0206 0x0d78 IEEtwCollectorService - ok 19:14:30.0263 0x0d78 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:14:30.0302 0x0d78 iirsp - ok 19:14:30.0498 0x0d78 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 19:14:30.0574 0x0d78 IKEEXT - ok 19:14:30.0908 0x0d78 [ 59B0BBA422F04467E8C89B7CE6AE95E1, 6C5252A11FDF0B880570A780B7011160893D5D4279A15F3820F7D806B3E089A7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 19:14:31.0014 0x0d78 IntcAzAudAddService - ok 19:14:31.0062 0x0d78 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 19:14:31.0103 0x0d78 intelide - ok 19:14:31.0151 0x0d78 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:14:31.0215 0x0d78 intelppm - ok 19:14:31.0253 0x0d78 [ 
098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:14:31.0406 0x0d78 IPBusEnum - ok 19:14:31.0445 0x0d78 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:14:31.0484 0x0d78 IpFilterDriver - ok 19:14:31.0625 0x0d78 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:14:31.0749 0x0d78 iphlpsvc - ok 19:14:31.0828 0x0d78 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:14:31.0865 0x0d78 IPMIDRV - ok 19:14:31.0916 0x0d78 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:14:31.0975 0x0d78 IPNAT - ok 19:14:31.0992 0x0d78 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:14:32.0052 0x0d78 IRENUM - ok 19:14:32.0090 0x0d78 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:14:32.0103 0x0d78 isapnp - ok 19:14:32.0192 0x0d78 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:14:32.0214 0x0d78 iScsiPrt - ok 19:14:32.0459 0x0d78 [ B4CDA1B4263B53D249AC27A4892DA634, D50CCB5E9C38031B30D0E9734287A3BC128BF422A1C4EAC76485BEFE567E604C ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe 19:14:32.0520 0x0d78 JMB36X - detected UnsignedFile.Multi.Generic ( 1 ) 19:14:32.0954 0x0d78 Detect skipped due to KSN trusted 19:14:32.0954 0x0d78 JMB36X - ok 19:14:33.0001 0x0d78 [ 
6EBE4832B1A7C063FDF87035AFC1E3DC, 8BF8C0C2253832EBB183CF24052769E7984EC4DEBE595471749ECCEB52B29EEC ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 19:14:33.0017 0x0d78 JRAID - ok 19:14:33.0032 0x0d78 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:14:33.0063 0x0d78 kbdclass - ok 19:14:33.0110 0x0d78 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:14:33.0141 0x0d78 kbdhid - ok 19:14:33.0157 0x0d78 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso C:\Windows\system32\lsass.exe 19:14:33.0173 0x0d78 KeyIso - ok 19:14:33.0235 0x0d78 [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:14:33.0297 0x0d78 KSecDD - ok 19:14:33.0344 0x0d78 [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:14:33.0391 0x0d78 KSecPkg - ok 19:14:33.0453 0x0d78 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:14:33.0500 0x0d78 ksthunk - ok 19:14:33.0594 0x0d78 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 19:14:33.0687 0x0d78 KtmRm - ok 19:14:33.0765 0x0d78 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:14:33.0859 0x0d78 LanmanServer - ok 19:14:33.0921 0x0d78 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:14:33.0999 0x0d78 
LanmanWorkstation - ok 19:14:34.0062 0x0d78 [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 19:14:34.0093 0x0d78 lirsgt - ok 19:14:34.0109 0x0d78 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:14:34.0155 0x0d78 lltdio - ok 19:14:34.0233 0x0d78 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:14:34.0280 0x0d78 lltdsvc - ok 19:14:34.0311 0x0d78 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:14:34.0405 0x0d78 lmhosts - ok 19:14:34.0436 0x0d78 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:14:34.0483 0x0d78 LSI_FC - ok 19:14:34.0514 0x0d78 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:14:34.0530 0x0d78 LSI_SAS - ok 19:14:34.0561 0x0d78 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:14:34.0577 0x0d78 LSI_SAS2 - ok 19:14:34.0608 0x0d78 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:14:34.0623 0x0d78 LSI_SCSI - ok 19:14:34.0655 0x0d78 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 19:14:34.0701 0x0d78 luafv - ok 19:14:34.0842 0x0d78 [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector 
C:\Windows\system32\drivers\mbam.sys 19:14:34.0857 0x0d78 MBAMProtector - ok 19:14:35.0029 0x0d78 [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 19:14:35.0154 0x0d78 MBAMService - ok 19:14:35.0201 0x0d78 [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 19:14:35.0232 0x0d78 MBAMWebAccessControl - ok 19:14:35.0263 0x0d78 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:14:35.0310 0x0d78 Mcx2Svc - ok 19:14:35.0357 0x0d78 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:14:35.0388 0x0d78 megasas - ok 19:14:35.0450 0x0d78 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:14:35.0497 0x0d78 MegaSR - ok 19:14:35.0544 0x0d78 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 19:14:35.0606 0x0d78 MMCSS - ok 19:14:35.0637 0x0d78 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 19:14:35.0669 0x0d78 Modem - ok 19:14:35.0700 0x0d78 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:14:35.0700 0x0d78 monitor - ok 19:14:35.0747 0x0d78 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:14:35.0762 0x0d78 mouclass - ok 19:14:35.0778 0x0d78 [ 
D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:14:35.0793 0x0d78 mouhid - ok 19:14:35.0840 0x0d78 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:14:35.0856 0x0d78 mountmgr - ok 19:14:36.0059 0x0d78 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:14:36.0059 0x0d78 MozillaMaintenance - ok 19:14:36.0168 0x0d78 [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 19:14:36.0199 0x0d78 MpFilter - ok 19:14:36.0261 0x0d78 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 19:14:36.0277 0x0d78 mpio - ok 19:14:36.0324 0x0d78 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:14:36.0355 0x0d78 mpsdrv - ok 19:14:36.0495 0x0d78 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:14:36.0589 0x0d78 MpsSvc - ok 19:14:36.0636 0x0d78 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:14:36.0729 0x0d78 MRxDAV - ok 19:14:36.0792 0x0d78 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:14:36.0963 0x0d78 mrxsmb - ok 19:14:37.0104 0x0d78 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:14:37.0166 0x0d78 mrxsmb10 - ok 19:14:37.0229 0x0d78 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:14:37.0275 0x0d78 mrxsmb20 - ok 19:14:37.0307 0x0d78 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 19:14:37.0322 0x0d78 msahci - ok 19:14:37.0385 0x0d78 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:14:37.0416 0x0d78 msdsm - ok 19:14:37.0447 0x0d78 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 19:14:37.0494 0x0d78 MSDTC - ok 19:14:37.0572 0x0d78 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:14:37.0650 0x0d78 Msfs - ok 19:14:37.0681 0x0d78 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:14:37.0728 0x0d78 mshidkmdf - ok 19:14:37.0775 0x0d78 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:14:37.0790 0x0d78 msisadrv - ok 19:14:37.0884 0x0d78 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:14:37.0977 0x0d78 MSiSCSI - ok 19:14:37.0977 0x0d78 msiserver - ok 19:14:38.0024 0x0d78 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:14:38.0071 0x0d78 MSKSSRV - ok 19:14:38.0258 0x0d78 [ CE996C1821021ADF8E28E80A54E846A8, 
99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 19:14:38.0305 0x0d78 MsMpSvc - ok 19:14:38.0336 0x0d78 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:14:38.0414 0x0d78 MSPCLOCK - ok 19:14:38.0430 0x0d78 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:14:38.0477 0x0d78 MSPQM - ok 19:14:38.0555 0x0d78 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:14:38.0586 0x0d78 MsRPC - ok 19:14:38.0617 0x0d78 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:14:38.0648 0x0d78 mssmbios - ok 19:14:38.0679 0x0d78 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:14:38.0757 0x0d78 MSTEE - ok 19:14:38.0773 0x0d78 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:14:38.0804 0x0d78 MTConfig - ok 19:14:38.0804 0x0d78 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 19:14:38.0835 0x0d78 Mup - ok 19:14:38.0929 0x0d78 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 19:14:38.0991 0x0d78 napagent - ok 19:14:39.0101 0x0d78 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:14:39.0163 0x0d78 NativeWifiP - ok 
19:14:39.0319 0x0d78 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 19:14:39.0366 0x0d78 NDIS - ok 19:14:39.0397 0x0d78 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:14:39.0428 0x0d78 NdisCap - ok 19:14:39.0459 0x0d78 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:14:39.0522 0x0d78 NdisTapi - ok 19:14:39.0600 0x0d78 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:14:39.0662 0x0d78 Ndisuio - ok 19:14:39.0709 0x0d78 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:14:39.0756 0x0d78 NdisWan - ok 19:14:39.0818 0x0d78 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:14:39.0896 0x0d78 NDProxy - ok 19:14:39.0927 0x0d78 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:14:39.0959 0x0d78 NetBIOS - ok 19:14:40.0037 0x0d78 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:14:40.0099 0x0d78 NetBT - ok 19:14:40.0146 0x0d78 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon C:\Windows\system32\lsass.exe 19:14:40.0177 0x0d78 Netlogon - ok 19:14:40.0271 0x0d78 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 
19:14:40.0395 0x0d78 Netman - ok 19:14:40.0520 0x0d78 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:14:40.0551 0x0d78 NetMsmqActivator - ok 19:14:40.0614 0x0d78 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:14:40.0661 0x0d78 NetPipeActivator - ok 19:14:40.0723 0x0d78 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 19:14:40.0801 0x0d78 netprofm - ok 19:14:40.0941 0x0d78 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:14:40.0957 0x0d78 NetTcpActivator - ok 19:14:40.0973 0x0d78 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:14:40.0988 0x0d78 NetTcpPortSharing - ok 19:14:41.0035 0x0d78 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:14:41.0082 0x0d78 nfrd960 - ok 19:14:41.0175 0x0d78 [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 19:14:41.0207 0x0d78 NisDrv - ok 19:14:41.0331 0x0d78 [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 19:14:41.0363 0x0d78 NisSrv - ok 19:14:41.0441 0x0d78 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc 
C:\Windows\System32\nlasvc.dll 19:14:41.0519 0x0d78 NlaSvc - ok
19:14:56.0963 0x0d78 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:14:56.0994 0x0d78 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
19:14:57.0415 0x0d78 Detect skipped due to KSN trusted
19:14:57.0415 0x0d78 SwitchBoard - ok
19:15:06.0635 0x0d78 [ 6209C98EAA7D003DBEA3EB3245211342, 7AE1B6CBEE5871BB58C3351DC4C772A2BA5AAE26EB69FE4D8F74C473059A1956 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
19:15:06.0650 0x0d78 WDDMService - detected UnsignedFile.Multi.Generic ( 1 )
19:15:16.0744 0x0d78 WDDMService ( UnsignedFile.Multi.Generic ) - warning
19:15:19.0302 0x0d78 [ A787A567B3470C91C487ECE90CF7509C, FC76F77B7493E525AA7CDEA9011052A813DDF104E3314757D830129352593CB0 ] WDFME C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
19:15:19.0396 0x0d78 WDFME - detected UnsignedFile.Multi.Generic ( 1 )
19:15:19.0536 0x0d78 Detect skipped due to KSN trusted
19:15:19.0552 0x0d78 WDFME - ok
19:15:19.0957 0x0d78 [ 3E2B446BFD98EE3AB236FE9E84F35489, 828C072F0A438EB48784F23E56BD3F42494906403E66802D1AAAFFB3429D14B1 ] WDSC C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
19:15:19.0988 0x0d78 WDSC - detected UnsignedFile.Multi.Generic ( 1 )
19:15:20.0176 0x0d78 Detect skipped due to KSN trusted
19:15:20.0176 0x0d78 WDSC - ok
19:15:20.0238 0x0d78 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D,
B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 19:15:20.0316 0x0d78 WebClient - ok 19:15:20.0363 0x0d78 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:15:20.0410 0x0d78 Wecsvc - ok 19:15:20.0425 0x0d78 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:15:20.0472 0x0d78 wercplsupport - ok 19:15:20.0503 0x0d78 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 19:15:20.0534 0x0d78 WerSvc - ok 19:15:20.0566 0x0d78 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:15:20.0628 0x0d78 WfpLwf - ok 19:15:20.0659 0x0d78 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:15:20.0690 0x0d78 WIMMount - ok 19:15:20.0737 0x0d78 WinDefend - ok 19:15:20.0753 0x0d78 WinHttpAutoProxySvc - ok 19:15:20.0924 0x0d78 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:15:21.0065 0x0d78 Winmgmt - ok 19:15:21.0455 0x0d78 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 19:15:21.0611 0x0d78 WinRM - ok 19:15:21.0704 0x0d78 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 19:15:21.0736 0x0d78 WinUsb - ok 19:15:21.0907 0x0d78 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc 
C:\Windows\System32\wlansvc.dll 19:15:21.0970 0x0d78 Wlansvc - ok 19:15:22.0032 0x0d78 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 19:15:22.0063 0x0d78 wlcrasvc - ok 19:15:22.0484 0x0d78 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:15:22.0531 0x0d78 wlidsvc - ok 19:15:22.0562 0x0d78 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:15:22.0625 0x0d78 WmiAcpi - ok 19:15:22.0687 0x0d78 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:15:22.0734 0x0d78 wmiApSrv - ok 19:15:22.0781 0x0d78 WMPNetworkSvc - ok 19:15:22.0828 0x0d78 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:15:22.0890 0x0d78 WPCSvc - ok 19:15:22.0921 0x0d78 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:15:22.0952 0x0d78 WPDBusEnum - ok 19:15:22.0999 0x0d78 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:15:23.0093 0x0d78 ws2ifsl - ok 19:15:23.0140 0x0d78 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 19:15:23.0171 0x0d78 wscsvc - ok 19:15:23.0186 0x0d78 WSearch - ok 19:15:23.0545 0x0d78 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll 19:15:23.0701 0x0d78 
wuauserv - ok 19:15:23.0732 0x0d78 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:15:23.0795 0x0d78 WudfPf - ok 19:15:23.0842 0x0d78 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys 19:15:23.0873 0x0d78 WUDFRd - ok 19:15:23.0904 0x0d78 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:15:23.0935 0x0d78 wudfsvc - ok 19:15:23.0998 0x0d78 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 19:15:24.0060 0x0d78 WwanSvc - ok 19:15:24.0076 0x0d78 ================ Scan global =============================== 19:15:24.0185 0x0d78 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 19:15:24.0263 0x0d78 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 19:15:24.0294 0x0d78 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 19:15:24.0372 0x0d78 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 19:15:24.0419 0x0d78 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 19:15:24.0450 0x0d78 [ Global ] - ok 19:15:24.0450 0x0d78 ================ Scan MBR ================================== 19:15:24.0466 0x0d78 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:15:25.0339 0x0d78 \Device\Harddisk0\DR0 - ok 19:15:25.0339 0x0d78 ================ Scan VBR 
================================== 19:15:25.0355 0x0d78 [ BD4F8F2574A9829DD70C8612E8962FC9 ] \Device\Harddisk0\DR0\Partition1 19:15:25.0386 0x0d78 \Device\Harddisk0\DR0\Partition1 - ok 19:15:25.0402 0x0d78 [ D92F2BE22016A4193595938AC869BDA2 ] \Device\Harddisk0\DR0\Partition2 19:15:25.0402 0x0d78 \Device\Harddisk0\DR0\Partition2 - ok 19:15:25.0402 0x0d78 ================ Scan generic autorun ====================== 19:15:26.0119 0x0d78 [ D31E3530A549B3BE3529773643A8FB75, 6E0B978562815739618D96CFEA7F193DEFEB5A362419F69720590C0AC176BE48 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 19:15:26.0275 0x0d78 RtHDVCpl - ok 19:15:26.0369 0x0d78 [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] C:\Program Files\Microsoft Security Client\msseces.exe 19:15:26.0416 0x0d78 MSC - ok 19:15:26.0462 0x0d78 [ DB4E2D9C09A5762CB2551222B5E443B2, 318AD09D1821E38B7D7ACC0A06965057B494A752C9E34FD1CA41247DC703F985 ] C:\Windows\RaidTool\xInsIDE.exe 19:15:26.0478 0x0d78 JMB36X IDE Setup - detected UnsignedFile.Multi.Generic ( 1 ) 19:15:26.0930 0x0d78 Detect skipped due to KSN trusted 19:15:26.0930 0x0d78 JMB36X IDE Setup - ok 19:15:26.0993 0x0d78 [ 1A5024838562999647A7E1B6B62F91F4, 7E9FD5D6C3D807280339A4D7F53B69D9208DAFFA102467350E2BB95D288C5E3B ] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 19:15:27.0008 0x0d78 NUSB3MON - detected UnsignedFile.Multi.Generic ( 1 ) 19:15:27.0445 0x0d78 Detect skipped due to KSN trusted 19:15:27.0445 0x0d78 NUSB3MON - ok 19:15:27.0570 0x0d78 [ 52B642B30BAD0E7C4D56C5D3EAC76B97, 2DEBACF593826F638EE4FC7743ED981870277376B6742872E79F6FD5D694ADF2 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 19:15:27.0617 0x0d78 StartCCC - detected UnsignedFile.Multi.Generic ( 1 ) 19:15:28.0069 0x0d78 Detect skipped due to KSN trusted 19:15:28.0069 0x0d78 StartCCC - ok 19:15:28.0132 0x0d78 [ C7C5264BAA313E4CC7BDD2955D410302, 
31F8211269C8D4644C3077E13484D3E4CE7FB8F5CA6B2272E48E3EAEFE344544 ] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe 19:15:28.0147 0x0d78 ATICustomerCare - detected UnsignedFile.Multi.Generic ( 1 ) 19:15:28.0568 0x0d78 Detect skipped due to KSN trusted 19:15:28.0568 0x0d78 ATICustomerCare - ok 19:15:28.0724 0x0d78 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 19:15:28.0756 0x0d78 Adobe ARM - ok 19:15:28.0896 0x0d78 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 19:15:28.0990 0x0d78 Sidebar - ok 19:15:29.0021 0x0d78 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 19:15:29.0052 0x0d78 mctadmin - ok 19:15:29.0099 0x0d78 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 19:15:29.0130 0x0d78 Sidebar - ok 19:15:29.0130 0x0d78 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 19:15:29.0146 0x0d78 mctadmin - ok 19:15:29.0302 0x0d78 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe 19:15:29.0364 0x0d78 Sidebar - ok 19:15:29.0692 0x0d78 [ C81F59B7D524FB462F73B27757084618, 6C7DF7257ED0D9C69A53B98F15EAF1B42D302659791EE80F48D06BCA11EA09D8 ] C:\Program Files (x86)\CCleaner\CCleaner64.exe 19:15:29.0848 0x0d78 CCleaner Monitoring - ok 19:15:29.0848 0x0d78 Waiting for KSN requests completion. 
In queue: 35 19:15:30.0862 0x0d78 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated ) 19:15:30.0877 0x0d78 Win FW state via NFP2: enabled 19:15:31.0158 0x0d78 ============================================================ 19:15:31.0158 0x0d78 Scan finished 19:15:31.0158 0x0d78 ============================================================ 19:15:31.0158 0x0708 Detected object count: 1 19:15:31.0158 0x0708 Actual detected object count: 1 19:28:14.0659 0x0708 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user 19:28:14.0659 0x0708 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.05.27.03
  rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Bene :: BENE-PC [administrator]

27.05.2015 17:04:49
mbar-log-2015-05-27 (17-04-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 416918
Time elapsed: 1 hour(s), 10 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
|
28.05.2015, 12:21 | #5 |
/// the machine /// TB trainer | PC crashes regularly hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
29.05.2015, 08:28 | #6 |
| PC crashes regularly Combofix complained because Microsoft Security Essentials was supposedly still active. I had actually switched it off via the Task Manager, though. Here is the log file: Code:
ATTFilter ComboFix 15-05-28.01 - Bene 29.05.2015 9:01.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.2190 [GMT 2:00] ausgeführt von:: d:\downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk c:\users\Public\sdelevURL.tmp . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF . . ((((((((((((((((((((((( Dateien erstellt von 2015-04-28 bis 2015-05-29 )))))))))))))))))))))))))))))) . . 2015-05-28 11:50 . 2015-05-28 11:50 -------- d-----w- C:\found.000 2015-05-27 18:00 . 2015-05-27 18:00 -------- d-sh--w- c:\users\Bene\AppData\Local\EmieUserList 2015-05-27 18:00 . 2015-05-27 18:00 -------- d-sh--w- c:\users\Bene\AppData\Local\EmieSiteList 2015-05-27 18:00 . 2015-05-27 18:00 -------- d-sh--w- c:\users\Bene\AppData\Local\EmieBrowserModeList 2015-05-26 21:06 . 2015-05-27 17:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-05-26 19:54 . 2015-05-26 19:54 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-05-25 07:14 . 2015-05-25 07:14 -------- d-----w- c:\users\Bene\AppData\Local\Opera Software 2015-05-25 07:14 . 2015-05-25 07:14 -------- d-----w- c:\users\Bene\AppData\Roaming\Opera Software 2015-05-20 18:07 . 2015-05-21 13:20 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2015-05-19 18:34 . 2015-05-19 18:34 -------- d-----w- C:\7368bc0b271974332c0a6287 2015-05-12 18:33 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 18:33 . 
2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 18:31 . 2015-04-27 19:23 1254400 ----a-w- c:\windows\system32\diagtrack.dll 2015-05-12 18:30 . 2015-04-08 03:29 1736192 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2015-05-01 18:10 . 2015-05-01 18:10 229608 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-05-27 15:04 . 2015-02-28 11:32 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-05-27 15:03 . 2015-02-28 11:32 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-05-25 07:17 . 2012-07-25 15:06 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-05-25 07:17 . 2011-05-25 05:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-05-12 18:36 . 2010-04-17 07:08 140425016 ----a-w- c:\windows\system32\MRT.exe 2015-05-03 03:16 . 2015-05-27 15:23 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C2C91AE-2B14-4324-AC84-9DBEC337FD2C}\mpengine.dll 2015-05-03 03:16 . 2015-05-26 14:06 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-04-27 19:04 . 2015-05-12 18:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-04-24 10:49 . 2014-10-19 10:25 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-04-14 07:37 . 2015-02-28 11:32 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-04-14 07:37 . 2015-02-28 11:32 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-03-27 08:20 . 2015-05-23 19:41 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{628D11D7-670D-467F-9FDC-35ADBD400F35}\gapaengine.dll 2015-03-27 08:20 . 2011-03-25 17:10 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-03-25 03:24 . 
2015-04-15 05:52 98304 ----a-w- c:\windows\system32\wudriver.dll 2015-03-25 03:24 . 2015-04-15 05:52 37376 ----a-w- c:\windows\system32\wups2.dll 2015-03-25 03:24 . 2015-04-15 05:52 35328 ----a-w- c:\windows\system32\wups.dll 2015-03-25 03:24 . 2015-04-15 05:52 3298816 ----a-w- c:\windows\system32\wucltux.dll 2015-03-25 03:24 . 2015-04-15 05:52 191488 ----a-w- c:\windows\system32\wuwebv.dll 2015-03-25 03:24 . 2015-04-15 05:52 2553856 ----a-w- c:\windows\system32\wuaueng.dll 2015-03-25 03:24 . 2015-04-15 05:52 696320 ----a-w- c:\windows\system32\wuapi.dll 2015-03-25 03:24 . 2015-04-15 05:52 60416 ----a-w- c:\windows\system32\WinSetupUI.dll 2015-03-25 03:23 . 2015-04-15 05:52 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2015-03-25 03:23 . 2015-04-15 05:52 36864 ----a-w- c:\windows\system32\wuapp.exe 2015-03-25 03:23 . 2015-04-15 05:52 135168 ----a-w- c:\windows\system32\wuauclt.exe 2015-03-25 03:00 . 2015-04-15 05:52 92672 ----a-w- c:\windows\SysWow64\wudriver.dll 2015-03-25 03:00 . 2015-04-15 05:52 566784 ----a-w- c:\windows\SysWow64\wuapi.dll 2015-03-25 03:00 . 2015-04-15 05:52 29696 ----a-w- c:\windows\SysWow64\wups.dll 2015-03-25 03:00 . 2015-04-15 05:52 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll 2015-03-25 03:00 . 2015-04-15 05:52 33792 ----a-w- c:\windows\SysWow64\wuapp.exe 2015-03-23 03:25 . 2015-04-15 05:51 726528 ----a-w- c:\windows\system32\generaltel.dll 2015-03-23 03:25 . 2015-04-15 05:51 769536 ----a-w- c:\windows\system32\invagent.dll 2015-03-23 03:24 . 2015-04-15 05:51 419840 ----a-w- c:\windows\system32\devinv.dll 2015-03-23 03:24 . 2015-04-15 05:51 957952 ----a-w- c:\windows\system32\appraiser.dll 2015-03-23 03:24 . 2015-04-15 05:51 30720 ----a-w- c:\windows\system32\acmigration.dll 2015-03-23 03:24 . 2015-04-15 05:51 192000 ----a-w- c:\windows\system32\aepic.dll 2015-03-23 03:24 . 2015-04-15 05:51 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-03-23 03:17 . 
2015-04-15 05:51 1111552 ----a-w- c:\windows\system32\aeinv.dll 2015-03-10 03:25 . 2015-04-15 05:51 1882624 ----a-w- c:\windows\system32\msxml3.dll 2015-03-10 03:21 . 2015-04-15 05:51 2048 ----a-w- c:\windows\system32\msxml3r.dll 2015-03-10 03:08 . 2015-04-15 05:51 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll 2015-03-10 03:05 . 2015-04-15 05:51 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2015-03-05 05:12 . 2015-04-15 05:51 404480 ----a-w- c:\windows\system32\gdi32.dll 2015-03-05 04:05 . 2015-04-15 05:51 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2015-03-04 17:34 . 2015-03-04 17:34 280376 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2015-03-04 17:34 . 2010-10-24 20:25 124568 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2015-03-04 04:55 . 2015-04-15 05:48 367552 ----a-w- c:\windows\system32\clfs.sys 2015-03-04 04:41 . 2015-04-15 05:48 79360 ----a-w- c:\windows\system32\clfsw32.dll 2015-03-04 04:41 . 2015-05-12 18:30 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2015-03-04 04:41 . 2015-05-12 18:30 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2015-03-04 04:10 . 2015-04-15 05:48 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll 2015-03-04 04:10 . 2015-05-12 18:30 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2015-03-04 04:10 . 2015-05-12 18:30 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll 2015-03-04 04:06 . 2015-05-12 18:30 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2015-03-03 13:17 . 2010-04-15 20:19 295552 ------w- c:\windows\system32\MpSigStub.exe 2010-03-25 16:42 . 2010-03-25 16:42 388096 ----a-w- c:\program files (x86)\HiJackThis.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "CCleaner Monitoring"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2015-04-23 8204056] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux6"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVTabletPCx64.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 
WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [x] S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x] S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD Smartware\Front 
Parlor\WDFME\WDFME.exe [x] S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTMouseFilterx64.sys [x] S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2015-05-25 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe [2015-05-25 07:17] . 2015-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 07:17] . 2015-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job - c:\users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-07 08:17] . 
2015-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job - c:\users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-07 08:17] . 2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 10:14] . 2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 10:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\users\Bene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\6l2jv7sk.default-1431878520975\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-2058888408-2479665750-2358759828-1001\Software\SecuROM\License information*] "datasecu"=hex:21,69,e6,ac,ca,08,a4,fa,75,2e,d7,ef,39,1b,f7,b8,f0,bc,b1,d1,22, 8e,0c,13,54,21,2c,b4,57,b4,8c,91,f6,d8,86,50,3d,86,5f,a3,1f,e2,20,01,cb,41,\ "rkeysecu"=hex:44,c8,b9,9f,32,57,3b,cb,d1,4b,2e,c3,b7,6d,88,b1 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.17" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-05-29 09:23:40 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-05-29 07:23 . Vor Suchlauf: 20 Verzeichnis(se), 11.259.678.720 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 10.592.264.192 Bytes frei . - - End Of File - - 6043523F24E3B462F629CA1802FFE46F A36C5E4F47E84449FF07ED3517B43A31 |
30.05.2015, 08:27 | #7 |
/// the machine /// TB Trainer | PC crashes regularly Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 | Donate | Guides and Help | Trojaner-Board Facebook page | No help via PM! |
30.05.2015, 12:28 | #8 |
| PC crashes regularly Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Error, 30.05.2015 09:34:18, SYSTEM, BENE-PC, Protection, IsLicensed, 13, Protection, 30.05.2015 09:34:18, SYSTEM, BENE-PC, Protection, Malware Protection, Stopping, Protection, 30.05.2015 09:34:18, SYSTEM, BENE-PC, Protection, Malware Protection, Stopped, Update, 30.05.2015 09:49:47, SYSTEM, BENE-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.5.24.1, Update, 30.05.2015 09:49:48, SYSTEM, BENE-PC, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1, Update, 30.05.2015 09:49:56, SYSTEM, BENE-PC, Manual, Malware Database, 2015.3.9.5, 2015.5.29.7, Error, 30.05.2015 09:56:19, SYSTEM, BENE-PC, Protection, IsLicensed, 13, Protection, 30.05.2015 09:56:19, SYSTEM, BENE-PC, Protection, Malware Protection, Stopping, Protection, 30.05.2015 09:56:19, SYSTEM, BENE-PC, Protection, Malware Protection, Stopped, Error, 30.05.2015 10:04:24, SYSTEM, BENE-PC, Protection, IsLicensed, 13, Protection, 30.05.2015 10:04:25, SYSTEM, BENE-PC, Protection, Malware Protection, Stopping, Protection, 30.05.2015 10:04:25, SYSTEM, BENE-PC, Protection, Malware Protection, Stopped, Error, 30.05.2015 10:20:42, SYSTEM, BENE-PC, Protection, IsLicensed, 13, Protection, 30.05.2015 10:20:42, SYSTEM, BENE-PC, Protection, Malware Protection, Stopping, Protection, 30.05.2015 10:20:42, SYSTEM, BENE-PC, Protection, Malware Protection, Stopped, Protection, 30.05.2015 10:23:56, SYSTEM, BENE-PC, Protection, Malware Protection, Starting, Protection, 30.05.2015 10:23:56, SYSTEM, BENE-PC, Protection, Malware Protection, Started, Protection, 30.05.2015 10:23:56, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Starting, Protection, 30.05.2015 10:23:56, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Started, Update, 30.05.2015 10:24:09, SYSTEM, BENE-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.5.24.1, Update, 30.05.2015 10:24:09, SYSTEM, BENE-PC, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1, Update, 30.05.2015 10:24:19, SYSTEM, 
BENE-PC, Manual, Malware Database, 2015.3.9.5, 2015.5.29.7, Protection, 30.05.2015 10:24:19, SYSTEM, BENE-PC, Protection, Refresh, Starting, Protection, 30.05.2015 10:24:19, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Stopping, Protection, 30.05.2015 10:24:19, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Stopped, Protection, 30.05.2015 10:24:25, SYSTEM, BENE-PC, Protection, Refresh, Success, Protection, 30.05.2015 10:24:25, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Starting, Protection, 30.05.2015 10:24:25, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Started, Scan, 30.05.2015 11:16:37, SYSTEM, BENE-PC, Manual, Start: 30.05.2015 10:24:37, Dauer: 51 Minuten 59 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung, Update, 30.05.2015 11:37:53, SYSTEM, BENE-PC, Scheduler, Malware Database, 2015.5.29.7, 2015.5.30.1, Protection, 30.05.2015 11:37:53, SYSTEM, BENE-PC, Protection, Refresh, Starting, Protection, 30.05.2015 11:37:53, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Stopping, Protection, 30.05.2015 11:37:53, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Stopped, Protection, 30.05.2015 11:38:01, SYSTEM, BENE-PC, Protection, Refresh, Success, Protection, 30.05.2015 11:38:01, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Starting, Protection, 30.05.2015 11:38:01, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Started, Protection, 30.05.2015 12:49:07, SYSTEM, BENE-PC, Protection, Malware Protection, Starting, Protection, 30.05.2015 12:49:07, SYSTEM, BENE-PC, Protection, Malware Protection, Started, Protection, 30.05.2015 12:49:07, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Starting, Protection, 30.05.2015 12:49:33, SYSTEM, BENE-PC, Protection, Malicious Website Protection, Started, (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.205 - Bericht erstellt 30/05/2015 um 12:57:03
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Bene - BENE-PC
# Gestarted von : C:\Users\Bene\Desktop\j\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\foxydeal
Ordner Gelöscht : C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Datei Gelöscht : C:\Users\Bene\AppData\Roaming\MSWINSCK.OCX

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\foxydeal
Schlüssel Gelöscht : HKCU\Software\AppDataLow\foxydeal
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801
-\\ Mozilla Firefox v38.0.1 (x86 de)
-\\ Opera v29.0.1795.60

# AdwCleaner v4.205 - Bericht erstellt 30/05/2015 um 13:07:53
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Bene - BENE-PC
# Gestarted von : D:\Downloads\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\foxydeal
Schlüssel Gelöscht : HKCU\Software\AppDataLow\foxydeal
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801
-\\ Mozilla Firefox v38.0.1 (x86 de)
-\\ Opera v29.0.1795.60

*************************

AdwCleaner[R0].txt - [1861 Bytes] - [06/08/2014 12:21:29]
AdwCleaner[R1].txt - [21457 Bytes] - [30/05/2015 12:52:15]
AdwCleaner[S0].txt - [1876 Bytes] - [06/08/2014 12:26:12]
AdwCleaner[S1].txt - [20328 Bytes] - [30/05/2015 12:57:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [20388 Bytes] ##########
--- --- --- --- --- ---
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Ultimate x64
Ran by Bene on 30.05.2015 at 13:11:11,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Bene\appdata\local\{36ECF4C7-FAAB-4E79-95B0-E2100E0CCA52}
Successfully deleted: [Folder] C:\Users\Bene\appdata\local\crashrpt

~~~ FireFox

Emptied folder: C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\6l2jv7sk.default-1431878520975\minidumps [1 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2015 at 13:13:21,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by Bene (administrator) on BENE-PC on 30-05-2015 13:15:19 Running from C:\Users\Bene\Desktop\Neuer Ordner (2) Loaded Profiles: Bene (Available Profiles: Bene & Administrator) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-09-25] (NEC Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001 -> {09FC4750-61E6-4F45-9B4F-75C3678F7BB0} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001 -> {E0C19C7C-D92A-403D-BE2B-E4A22BBF8E3B} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll [2013-08-22] (SMART Technologies ULC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\6l2jv7sk.default-1431878520975
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2058888408-2479665750-2358759828-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-12-28] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\6l2jv7sk.default-1431878520975\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2015-05-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-18]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [539952 2013-10-18] (SMART Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-09-08] (WDC) [File not signed]
S2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
S2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-12] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-10-18] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-10-18] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-10-18] (SMART Technologies ULC)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-17] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 13:13 - 2015-05-30 13:14 - 00000915 _____ () C:\Users\Bene\Desktop\JRT.txt 2015-05-30 13:11 - 2015-05-30 13:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BENE-PC-Windows-7-Ultimate-(64-bit).dat 2015-05-30 13:11 - 2015-05-30 13:11 - 00000000 ____D () C:\RegBackup 2015-05-30 13:10 - 2015-05-30 13:10 - 00020973 _____ () C:\Users\Bene\Desktop\AdwCleaner[S1].txt 2015-05-30 12:51 - 2015-05-30 12:51 - 00003958 _____ () C:\Users\Bene\Desktop\mbam.txt 2015-05-30 10:21 - 2015-05-30 10:21 - 00000000 ____D () C:\Users\Bene\Desktop\j 2015-05-29 20:17 - 2015-05-29 20:17 - 00000000 ____D () C:\Users\Bene\Desktop\Bloodline.S01E08.WEBRip.x264-2HD 2015-05-29 15:54 - 2015-05-30 10:07 - 00000000 ____D () C:\ProgramData\Rosetta Stone 2015-05-29 15:51 - 2015-05-29 15:51 - 00000000 ____D () C:\ProgramData\QuickTime 2015-05-29 09:23 - 2015-05-29 09:23 - 00022802 _____ () C:\ComboFix.txt 2015-05-29 09:16 - 2015-05-29 09:16 - 00000546 _____ () C:\Windows\PFRO.log 2015-05-29 08:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-29 08:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-05-29 08:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-29 08:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-29 08:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-29 08:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-29 08:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-29 08:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-29 08:58 - 2015-05-29 09:23 - 00000000 ____D () C:\Qoobox 2015-05-29 08:57 - 2015-05-29 09:22 - 00000000 ____D () C:\Windows\erdnt 2015-05-28 13:57 - 2015-05-28 13:58 - 04898240 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-28 13:56 - 2015-05-28 13:56 - 00003272 ____N () C:\bootsqm.dat 2015-05-28 13:50 - 2015-05-28 13:50 - 00000000 ____D () C:\found.000 2015-05-28 09:20 - 
2015-05-30 13:09 - 00001400 _____ () C:\Windows\setupact.log 2015-05-28 09:20 - 2015-05-28 09:20 - 00000000 _____ () C:\Windows\setuperr.log 2015-05-28 08:58 - 2015-05-28 08:58 - 00082408 _____ () C:\Users\Bene\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-27 20:00 - 2015-05-27 20:00 - 00000000 __SHD () C:\Users\Bene\AppData\Local\EmieUserList 2015-05-27 20:00 - 2015-05-27 20:00 - 00000000 __SHD () C:\Users\Bene\AppData\Local\EmieSiteList 2015-05-27 20:00 - 2015-05-27 20:00 - 00000000 __SHD () C:\Users\Bene\AppData\Local\EmieBrowserModeList 2015-05-26 23:06 - 2015-05-27 19:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-26 21:54 - 2015-05-26 21:54 - 00001268 _____ () C:\Users\Bene\Desktop\Revo Uninstaller.lnk 2015-05-26 21:54 - 2015-05-26 21:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-05-25 09:17 - 2015-05-30 12:00 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-05-25 09:17 - 2015-05-25 09:17 - 00003882 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2015-05-25 09:14 - 2015-05-25 09:27 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1432538089 2015-05-25 09:14 - 2015-05-25 09:14 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 29.lnk 2015-05-25 09:14 - 2015-05-25 09:14 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\Opera Software 2015-05-25 09:14 - 2015-05-25 09:14 - 00000000 ____D () C:\Users\Bene\AppData\Local\Opera Software 2015-05-24 17:40 - 2015-05-30 13:15 - 00000000 ____D () C:\Users\Bene\Desktop\Neuer Ordner (2) 2015-05-23 09:35 - 2015-05-23 09:35 - 00000995 _____ () C:\Users\Administrator\Desktop\SopCast.lnk 2015-05-20 20:07 - 2015-05-21 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-05-19 20:34 - 2015-05-19 20:34 - 00000000 ____D () C:\7368bc0b271974332c0a6287 2015-05-18 17:01 - 2015-05-18 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-12 
20:33 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 20:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 20:32 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-12 20:32 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-12 20:32 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-12 20:32 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-12 20:32 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-12 20:32 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-12 20:32 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-12 20:32 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-12 20:32 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-12 20:32 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-12 20:32 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-12 20:32 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-12 20:32 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-12 20:32 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-12 20:32 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-12 20:32 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2015-05-12 20:32 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-12 20:32 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-12 20:32 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-12 20:32 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-12 20:32 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-12 20:32 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-12 20:32 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-12 20:32 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-12 20:32 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-12 20:32 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-12 20:32 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-12 20:32 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-12 20:32 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-12 20:32 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-12 20:32 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-12 20:32 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-12 20:32 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-12 20:32 - 2015-04-21 18:05 - 00316928 _____ (Microsoft 
Corporation) C:\Windows\system32\dxtrans.dll 2015-05-12 20:32 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-12 20:32 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-12 20:32 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-12 20:32 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-12 20:32 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-12 20:32 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-12 20:32 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-12 20:32 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-12 20:32 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-12 20:32 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-12 20:32 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-12 20:32 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-12 20:32 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-12 20:32 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-12 20:32 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-12 20:32 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-12 20:32 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-12 20:32 - 2015-04-21 17:31 - 04305920 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-12 20:32 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-12 20:32 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-12 20:32 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-12 20:32 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-12 20:32 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-12 20:32 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-12 20:32 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-12 20:32 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-12 20:32 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-12 20:32 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-12 20:32 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-12 20:32 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-12 20:32 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-12 20:31 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-12 20:31 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-12 20:31 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-12 20:31 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 
2015-05-12 20:31 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-12 20:31 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-12 20:31 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-12 20:31 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-12 20:31 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 
00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 
00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-12 20:31 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-12 20:31 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-12 20:31 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-12 20:31 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-12 20:31 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-12 
20:31 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-12 20:31 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-12 20:31 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-12 20:31 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-12 20:31 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-12 20:31 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-12 20:31 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-12 20:31 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-12 20:31 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-12 20:31 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-12 20:31 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-12 20:31 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-12 20:30 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-12 20:30 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-12 20:30 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-12 20:30 - 2015-03-04 06:41 - 00342016 _____ 
(Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-12 20:30 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-12 20:30 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-12 20:30 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-12 20:30 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-12 20:30 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-12 20:30 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-12 20:30 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-12 20:30 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-12 20:30 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-12 20:30 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-30 13:15 - 2015-02-28 12:53 - 00000000 ___DC () C:\FRST 2015-05-30 13:12 - 2010-04-15 21:01 - 01701437 _____ () C:\Windows\WindowsUpdate.log 2015-05-30 13:11 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-30 13:11 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-30 13:09 - 2015-02-28 13:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-30 13:09 - 2010-04-21 17:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-30 13:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-30 13:07 - 2014-08-06 12:21 - 00000000 ____D () C:\AdwCleaner 2015-05-30 12:56 - 2010-04-21 17:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-30 12:40 - 2012-07-25 17:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-30 10:26 - 2009-07-14 19:58 - 28875626 _____ () C:\Windows\system32\perfh007.dat 2015-05-30 10:26 - 2009-07-14 19:58 - 09068562 _____ () C:\Windows\system32\perfc007.dat 2015-05-30 10:26 - 2009-07-14 07:13 - 00006308 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-30 10:23 - 2015-02-28 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-30 10:23 - 2015-02-28 13:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-30 10:22 - 2012-01-07 18:27 - 00001134 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job 2015-05-30 10:22 - 2012-01-07 18:27 - 00001112 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job 2015-05-30 10:20 - 2010-04-15 21:12 - 00000000 ____D () C:\Users\Bene 2015-05-29 20:04 - 2010-04-15 22:27 - 00000000 ____D () 
C:\Users\Bene\AppData\Roaming\uTorrent 2015-05-29 19:58 - 2011-11-12 15:33 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\vlc 2015-05-29 15:31 - 2010-04-15 22:19 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\DAEMON Tools Lite 2015-05-29 09:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-05-29 09:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-29 09:16 - 2009-07-14 04:34 - 78643200 _____ () C:\Windows\system32\config\software.bak 2015-05-29 09:16 - 2009-07-14 04:34 - 27525120 _____ () C:\Windows\system32\config\system.bak 2015-05-29 09:16 - 2009-07-14 04:34 - 00786432 _____ () C:\Windows\system32\config\default.bak 2015-05-29 09:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-05-29 09:16 - 2009-07-14 04:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak 2015-05-29 09:15 - 2009-07-14 04:34 - 39583744 _____ () C:\Windows\system32\config\components.bak 2015-05-27 20:01 - 2013-03-20 22:32 - 00000000 ____D () C:\Program Files (x86)\Digiarty 2015-05-27 20:01 - 2010-12-01 18:39 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-05-27 19:56 - 2013-12-19 13:49 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\JAM Software 2015-05-27 19:54 - 2012-05-30 15:10 - 00000000 ____D () C:\Users\Bene\AppData\Roaming\streamripper 2015-05-27 19:53 - 2010-07-28 10:25 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2015-05-27 19:48 - 2011-11-16 20:24 - 00000000 ____D () C:\Program Files (x86)\IDM 2015-05-27 19:48 - 2010-04-15 21:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-27 19:45 - 2010-11-29 17:39 - 00000000 ____D () C:\Program Files (x86)\Diesterweg 2015-05-27 19:44 - 2012-09-04 09:30 - 00000000 ____D () C:\Program Files (x86)\Klett 2015-05-27 19:44 - 2010-11-29 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lehrer-Software 2015-05-27 19:36 - 2013-09-26 19:14 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor 2015-05-27 17:09 - 2010-02-25 22:41 - 00000000 ____D () C:\Users\Bene\Documents\Verschiedenes 2015-05-25 16:15 - 2010-05-18 13:09 - 00000432 _____ () C:\Windows\BRWMARK.INI 2015-05-25 12:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-25 09:27 - 2010-04-15 21:44 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-05-25 09:20 - 2012-07-25 17:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-25 09:17 - 2012-07-25 17:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-25 09:17 - 2011-05-25 07:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-25 09:16 - 2010-04-17 13:45 - 00000000 ____D () C:\Users\Bene\AppData\Local\Adobe 2015-05-24 09:41 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-23 10:11 - 2012-04-30 10:11 - 00000000 ____D () C:\Users\Bene\Documents\Körperstolz 2015-05-23 10:08 - 2010-04-15 21:42 - 00000000 ____D () C:\Program Files (x86)\CCleaner 2015-05-21 18:18 - 2012-05-03 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-20 08:16 - 2015-04-05 21:28 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-05-20 08:16 - 2015-04-05 21:28 - 00000000 ___SD () C:\Windows\system32\GWX 2015-05-19 19:41 - 2012-09-16 14:26 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch 2015-05-17 09:51 - 2010-04-21 17:31 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 09:51 - 2010-04-21 17:31 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-16 17:40 - 2014-10-19 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-05-16 16:15 - 2013-01-02 20:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-12 21:47 - 2009-07-14 20:18 - 00000000 ____D () 
C:\Program Files\Windows Journal 2015-05-12 21:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-12 20:44 - 2011-01-25 21:06 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-05-12 20:44 - 2010-04-15 22:16 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-12 20:43 - 2011-01-25 21:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-05-12 20:43 - 2011-01-25 21:05 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-12 20:42 - 2013-07-23 09:36 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-12 20:36 - 2010-04-17 09:08 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-12 15:12 - 2012-05-20 00:46 - 00000000 ____D () C:\Users\Bene\Documents\Deutsche Kreditbank DKB ==================== Files in the root of some directories ======= 2010-03-25 18:42 - 2010-03-25 18:42 - 0388096 _____ (Trend Micro Inc.) C:\Program Files (x86)\HiJackThis.exe 2011-12-17 13:34 - 2011-12-17 13:34 - 0000288 _____ () C:\Users\Bene\AppData\Roaming\.backup.dm 2013-08-10 13:14 - 2013-08-10 13:14 - 0000132 _____ () C:\Users\Bene\AppData\Roaming\Adobe BMP Format CS5 Prefs 2011-09-24 22:29 - 2011-09-24 22:29 - 0001456 _____ () C:\Users\Bene\AppData\Local\Adobe Save for Web 12.0 Prefs 2011-06-28 20:27 - 2012-06-30 20:36 - 0019968 _____ () C:\Users\Bene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-01-03 12:13 - 2011-08-06 13:46 - 0007631 _____ () C:\Users\Bene\AppData\Local\Resmon.ResmonCfg 2010-04-17 11:47 - 2010-04-17 11:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Some files in TEMP: ==================== C:\Users\Bene\AppData\Local\Temp\Quarantine.exe C:\Users\Bene\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-25 11:41 ==================== End of log ============================ |
30.05.2015, 12:30 | #9 |
| PC crashes regularly Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015 Ran by Bene at 2015-05-30 13:16:19 Running from C:\Users\Bene\Desktop\Neuer Ordner (2) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2058888408-2479665750-2358759828-500 - Administrator - Enabled) => C:\Users\Administrator Bene (S-1-5-21-2058888408-2479665750-2358759828-1001 - Administrator - Enabled) => C:\Users\Bene Gast (S-1-5-21-2058888408-2479665750-2358759828-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2058888408-2479665750-2358759828-1014 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.) Allway Sync version 10.5.8 (HKLM-x32\...\Allway Sync_is1) (Version: - Botkind Inc) Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) ATI AVIVO64 Codecs (Version: 10.10.0.40918 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{857A474F-2485-BC1B-168C-BD396012C30E}) (Version: 3.0.762.0 - ATI Technologies, Inc.) ATI Catalyst Registration (x32 Version: 2.01.0000 - ATI Technologies Inc.) 
Hidden AVG 2012 (Version: 12.0.1913 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2178 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2180 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2193 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2195 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden AVG 2013 (HKLM\...\AVG) (Version: 2013.0.2805 - AVG Technologies) AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.2793 - AVG Technologies) Hidden calibre (HKLM-x32\...\{62B6B7C3-E75B-49E6-A351-6CDD99C39A61}) (Version: 0.9.19 - Kovid Goyal) CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.) Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.) Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.) 
ccc-core-static (x32 Version: 2010.0202.2335.42270 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Gigabyte Raid Cinfigurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google) GooReader (HKLM-x32\...\{FF357FB1-41AA-4C8A-BAC3-0B309E9798D2}) (Version: 2.0 - GooReader) HydraVision (x32 Version: 4.2.114.0 - ATI Technologies Inc.) 
Hidden Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
(HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual 
Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyScript HWR (German) (HKLM-x32\...\{415CD877-0970-4CB6-B178-1E72F7DC60E7}) (Version: 4.4.5.1 - SMART Technologies ULC) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.14.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.14.0 - NEC Electronics Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA) Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.1 - Frank Heindörfer, Philip Chinery) PDFZilla V1.2.11 (HKLM-x32\...\PDFZilla_is1) (Version: - 
PDFZilla, Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) SMART Common Files (HKLM-x32\...\{BBA07B40-F7C6-44F7-BF08-767F8835685F}) (Version: 11.4.194.0 - SMART Technologies ULC) SMART German Language Pack (HKLM-x32\...\{603E8F13-20D9-4367-81F2-CF6E22D05DA9}) (Version: 11.3.29.0 - SMART Technologies ULC) SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC) SMART Notebook (HKLM-x32\...\{E57F6C8B-E159-477E-93BF-764759747BC4}) (Version: 11.3.857.0 - SMART Technologies ULC) SMART Product Update (HKLM-x32\...\{8D4B716A-0ABE-4238-9090-D208E5F57A5E}) (Version: 5.0.108.0 - SMART Technologies ULC) SMART Produkttreiber (HKLM-x32\...\{589B09F5-0768-4BE9-B8C0-DD253E6B3643}) (Version: 11.3.550.0 - SMART Technologies ULC) Spotify (HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) 
Hidden TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) WD SmartWare (HKLM\...\{6F482C75-174D-42EB-A2CF-B00A1F354F7B}) (Version: 1.4.1.1 - Western Digital) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points ========================= 27-05-2015 19:54:23 Revo Uninstaller's restore point - Tesseract-OCR - open source OCR engine 27-05-2015 19:55:11 Revo Uninstaller's restore point - Visual Studio 2008 x64 Redistributables 27-05-2015 19:55:44 Revo Uninstaller's restore point - SpeedFan (remove only) 27-05-2015 19:56:27 Revo Uninstaller's restore point - TreeSize Free V3.3.2 27-05-2015 19:57:11 Revo Uninstaller's restore point - TVUPlayer 2.5.3.1 27-05-2015 19:58:01 Revo Uninstaller's restore point - Veetle TV 27-05-2015 19:58:45 Revo Uninstaller's restore point - Winamp 27-05-2015 19:59:57 Revo Uninstaller's restore point - WinPcap 4.1.1 27-05-2015 20:00:33 Revo Uninstaller's restore point - WinX Free AVI to MP4 Converter 4.0.6 27-05-2015 20:01:28 Revo Uninstaller's restore point - Free YouTube Download 2.9 27-05-2015 20:02:26 Revo Uninstaller's restore point - ConvertHelper 2.2 29-05-2015 08:59:28 ComboFix created restore point 29-05-2015 15:44:53 Revo Uninstaller's restore point - The Rosetta Stone 29-05-2015 15:54:43 Installed Rosetta Stone Version 3 30-05-2015 10:05:26 Revo Uninstaller's restore point - Rosetta Stone Version 3 30-05-2015 10:06:24 Removed Rosetta Stone Version 3 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-05-29 09:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {01FB23D4-0705-4D28-BEC8-4C0FC0FDFEEB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {113A608B-2F17-4125-9B88-991F7DED31F2} - System32\Tasks\{8B1D292D-2914-4AA3-BCBC-9FE908B6FA97} => pcalua.exe -a "C:\Program Files (x86)\StreamTorrent 1.0\uninstall.exe" Task: {13A015D2-E736-47CF-98C2-29E3B290DBA2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {29BB99AA-BFDF-4F7F-B675-A1E89142B939} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-25] (Adobe Systems Incorporated) Task: {39AE87D7-3AE6-4311-89CA-85E8CDAF1831} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) Task: {46ED0861-2531-458B-8BE3-F19272A99F94} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Szucia.exe Task: {517E3F93-F287-4CFA-B353-75843DBF4365} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd) Task: {5951FCD3-A3A7-40ED-A42F-25256B80229D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {5D1CAB1C-92A4-4A7E-9F61-9D7A583CE8DE} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-10] (Microsoft Corporation) Task: {60F5DBFC-77F6-4A86-A579-86FAFF72FEB9} - System32\Tasks\Bene NBAgent 15 0 => C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe Task: {6AF0D6C0-DEDB-40C3-B2A4-790D8227F473} - System32\Tasks\{A09F4D61-F3DA-4CAE-9D42-1A230292C43C} => pcalua.exe -a C:\Users\Bene\Desktop\template_italien.exe -d C:\Users\Bene\Desktop Task: 
{8BD55A68-0FF4-4417-8ACF-A0B6B81C65BA} - System32\Tasks\{B7E44C94-1876-437B-8A2E-E746911C8E79} => pcalua.exe -a D:\Downloads\irfanview_plugins_430_setup.exe -d D:\Downloads Task: {99C9EB3C-D579-4ACA-9F3B-0AC31A7B411D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-25] (Facebook Inc.) Task: {9A06DA48-887A-4EA4-9939-DE2421B9F645} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe [2015-05-25] (Adobe Systems Incorporated) Task: {A4DEBC80-80B3-4C62-8C3F-F5EDB03A4F7A} - System32\Tasks\Opera scheduled Autoupdate 1432538089 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software) Task: {B2813C45-2182-438B-8847-21F07446211D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) Task: {B55F1077-438F-47DB-A40F-C21738F2869D} - System32\Tasks\{FF9EE5E2-1D95-4F78-9EC0-2DFECC036871} => pcalua.exe -a F:\setup.exe -d F:\ Task: {C0FF2D93-882C-4367-AD2D-16D741A30142} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {CD0E08A7-1647-4472-8F08-6F3D33AE7C78} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2058888408-2479665750-2358759828-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {DA3545A3-021B-4E04-9C48-B38C72F60F2E} - System32\Tasks\{0A436A0A-962C-461C-8033-6CF892A2762D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?source=lightinstaller&page=tsBing Task: {F5E9D5F9-50C0-44C5-9B12-8284F8CF8D7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job => C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files (x86)\CCleaner\lang\lang-1031.dll 2011-05-22 12:14 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\1001movie.com -> 1001movie.com IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\1001night.biz -> 1001night.biz IE restricted site: 
HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\100gal.net -> 100gal.net IE restricted site: HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\...\100sexlinks.com -> 100sexlinks.com There are 5773 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2058888408-2479665750-2358759828-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Bene^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Bene^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Akamai NetSession Interface => 
"C:\Users\Bene\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: Facebook Update => "C:\Users\Bene\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: lollipop => "c:\users\bene\appdata\local\lollipop\lollipop.exe" lollipop MSCONFIG\startupreg: PC Speed Maximizer => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: sbsdk-server => "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" MSCONFIG\startupreg: SMART Board Service => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d MSCONFIG\startupreg: SMART Board Tools => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe" MSCONFIG\startupreg: SMART Floating Tools => "C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe" MSCONFIG\startupreg: SMART Ink => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe" -a MSCONFIG\startupreg: SMART SNMP Agent => C:\Program Files (x86)\SMART Technologies\SMART Product 
Drivers\SMARTSNMPAgent.exe -e MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe" MSCONFIG\startupreg: SMARTNotification => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe" MSCONFIG\startupreg: Spotify => "C:\Users\Bene\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bene\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot MSCONFIG\startupreg: VDownloader => "C:\Program Files\VDownloader\VDownloader.exe" /silent ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [TCP Query User{D843B4D3-5F51-4723-A7C7-E5E2E994191E}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [UDP Query User{01D36DD1-840C-4670-9D93-14408D1CC43C}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [{2FEFC434-44D6-48BA-B664-A4459CC4D6CC}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{29A76C6C-F87D-4498-8707-C4780CF004A7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{1BE2B5C4-B2C3-4C52-A81C-A8AF13244F35}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [UDP Query User{14EA8528-3238-4C41-8C52-2284D5F98A5D}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [{2D64331F-6D0F-4841-8584-E081E9E8D5AF}] => (Block) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [{63A31D00-D2F6-4B94-80DD-99B57FC208CB}] => (Block) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [{8C029300-CE15-4036-8EE6-81E0AF9975E4}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{3817DCE6-EC3D-4AA6-B717-2769E87AF47D}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [TCP Query User{EC4725F9-CDEE-43E8-8CAB-573E08DEBE0A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{9C366134-E842-4D7F-8C98-745915390798}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{C27C9CD9-B086-470A-8BCA-6D4BCAAA0066}] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{51E6E2A5-3E21-4F93-9828-152E2EA4F36C}] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{556628F7-71F9-4339-B0C3-6D73591869B1}C:\program 
files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{3E5EDDF5-4EAA-41D6-8412-A73C48B130C2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{6C5A3C64-1033-4362-9985-97CD370F748F}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{6B452E67-C11A-4D06-A818-C0411A01C48B}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{743DE810-FC17-43FF-9069-1A1E4BA33C57}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3E4CC361-3137-41AE-86CF-17677E3B8DAA}] => (Allow) LPort=2869 FirewallRules: [{A3A2434C-B3E7-4AA3-A4A7-7FE5216EAD7F}] => (Allow) LPort=1900 FirewallRules: [{3CBA40EF-BAB9-4F9A-8740-7A0A1153279C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [TCP Query User{F85D8056-0EA6-4C5E-B4EB-9DC5E4887EBF}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [UDP Query User{F501DBDC-1876-4447-8B1F-E9058EF39C0E}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [TCP Query User{91B23A24-FB2C-4C3D-A435-E0AE5F6458B3}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [UDP Query User{41343117-962E-41DE-B993-08EA151B4049}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [TCP Query User{1FA3BEF2-3619-4728-B624-E650CBFABF54}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{6C1647F5-3662-4A5D-99D9-1D2DEFCE15A0}C:\program files 
(x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{33E0AEF5-A4E9-40BD-910F-56310A869485}] => (Allow) E:\AliceSetup.exe FirewallRules: [{FBA11FAE-AF1E-4240-BB7B-1D4A6D306721}] => (Allow) E:\AliceSetup.exe FirewallRules: [TCP Query User{9F9AD9E6-84C6-4910-885C-D3A0B1BF0F38}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [UDP Query User{02194056-7F43-4526-BD6A-E57BE743211D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [{DBA582D7-776A-4D0F-893F-459703E13CF9}] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [{18BD4D54-1BF4-4EFF-A2CB-3998FCFE1BAB}] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [{A8E28D94-D18A-4AA6-9C8A-F8D3EB30B0A0}] => (Allow) C:\Users\Bene\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{55DF8F9F-2DD3-425B-8164-F35B95BEC065}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{FB6492E0-AB67-48D8-8B10-1B92E881E96F}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{8C64E472-A5E4-4F46-9AF2-329A91340E69}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{BF486187-EC9A-4B9D-A961-0F2410B16EB4}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{2BA211D1-6493-4872-9ED0-D0E1055EE180}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{BA1D4679-9F58-4E31-A677-CE40B6A84885}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{99BC6303-8D41-4520-B0C4-ED8606E60375}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{51003424-229C-4664-9B5A-6237322D9BD0}] => (Allow) C:\Program Files 
(x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{473D03B8-6E6D-46FD-970F-2A2B39AAC50D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{41E8CB64-1CB8-4A3E-94B7-72A972EA8951}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{2D093579-5CF6-4371-8466-BEC1AAAB13DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{60B106CC-60BD-43E4-9705-6C4C308B924D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CBEB99C9-0906-40AE-AF62-370CB48C2418}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{1BA72F6F-70E8-4BFB-ACDE-6B967A0E0CD5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [TCP Query User{A4221A6F-EED6-429E-B36A-7D477C017D6B}C:\users\bene\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bene\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{4E83E4B9-6B0F-4B54-9F90-FB9E674A1B11}C:\users\bene\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bene\appdata\roaming\spotify\spotify.exe FirewallRules: [{B295299D-1FE1-4386-82DB-D00EF015177C}] => (Block) C:\users\bene\appdata\roaming\spotify\spotify.exe FirewallRules: [{C84B547A-8217-432E-88E6-65D255CDCB82}] => (Block) C:\users\bene\appdata\roaming\spotify\spotify.exe FirewallRules: [{18840E1A-DA1E-4FA7-B12C-716A4614C787}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{1E042D43-FA70-4029-90B2-46FE9B1F1909}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{9159569B-FC06-4D88-9DC3-8D6E9532DE13}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe FirewallRules: [{C4D8AC87-8A6C-459D-8415-DB23D0DFD369}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe FirewallRules: [{54A947F0-795B-4234-98FE-6D196DD758DB}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe FirewallRules: [{C681084F-F226-4CC7-A7A2-15BA3C189345}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe 
FirewallRules: [{AA17F77C-C65A-46EC-8FCE-404E98B2C64C}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe FirewallRules: [{831331E4-8EF3-40FC-9B2B-C07DB52AAA51}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe FirewallRules: [{71969024-C6F0-4F62-8632-5941D4D651E6}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe FirewallRules: [{D1DE3663-1907-4421-98F7-3FFCE678ED95}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe FirewallRules: [{D74F1BA6-7A5B-42EA-9E91-579DE5F0A504}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe FirewallRules: [{72AE8C43-3F63-474B-98CB-8DD5BB20D3EB}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe FirewallRules: [{14822A7D-7524-4FD0-B7DA-E736757EF09A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{6362272A-DC91-47DB-98A4-220F19FE8EF1}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\BackItUp.exe FirewallRules: [{A73EA5E3-58C3-4C90-BDA9-DD2942652DAA}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\BackItUp.exe FirewallRules: [{21FB9A72-A014-4FFD-B037-20D9B1A5909E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5C125B9C-5EEB-4E54-9FEC-E708DD126769}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{66A4650F-74CB-4EB1-B4B1-A60C18DD723D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8722310E-6001-4F48-8C74-6D22605BD8DD}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5B6D9EE0-2E47-4AD8-951F-B0FBC084998F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: 
[{1B781CE9-B763-498D-93A7-D68153CB45D4}] => (Allow) 
C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{B0E1BA6E-C11B-447F-BC9A-943ACBE4371D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{82A8627C-63D5-422D-B80E-0242BE31012B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{1FA50F55-1377-4146-AEDE-F844C5B76434}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{AD02F91B-E284-4D93-B138-D0202E15F4CE}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{F128269C-A541-492D-81A5-BE0D5E1608D9}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{51E45F65-4276-4630-A60E-9C3830A67793}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{1E6DC3C4-74A1-4C99-8D93-DBE511F06BCE}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{D7901FD4-79DB-47CC-A4DD-A672EDD77C38}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{ED54139C-1DD4-4BAC-845D-FF15BA178E57}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5D909E09-76D7-40E0-9681-3ED2EE4BD668}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{A5C2F50C-51D4-49E5-BECD-E02E8BEDCCAA}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{4AD2D853-EFC4-4DCA-A538-17289290B1D1}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{963CC360-606A-4A84-9794-E9302FF33CF4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{5D28F85D-2550-453C-80B2-EADBCCEE6290}] => 
(Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{443C10B5-C1E4-41BA-B259-C8EDB36FD088}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{7334F4C3-C112-4AE9-AF7D-80ABD06B2626}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{0F57633A-6353-4BE2-AEF0-A37D1086DDB5}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{E80B998E-C65D-433A-A68F-8ABD78EC1F1F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{C532F21B-D608-46F9-8177-B711AE8FAE8D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8639BDBE-12BD-43FE-B585-80C0E9741BA8}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{01DE4C5F-103A-43EF-A9E0-0F5A92746773}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{7C150231-2DCC-40E5-836D-DCAFDA579E10}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{CB787287-32D7-42A0-B575-C283BC606B7D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{F6C14CA0-7E1C-4516-B7A9-EB42E6A1BD4E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{CFE70C50-F9F3-48F7-88D3-8BEDFB73E44E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{E4C9FBBA-5638-4AE6-A736-5748D8CA5DF6}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{8898AED8-41D4-4351-AB17-1E302517B85D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe FirewallRules: [{0E6DA300-FC29-48EF-B200-477D2D78C30E}] 
FirewallRules: [TCP Query User{8B36116D-B853-4FE1-80A1-F9E305395FC6}D:\downloads\ratiomaster.net.exe] => (Allow) D:\downloads\ratiomaster.net.exe
FirewallRules: [UDP Query User{5F6F94A9-06FD-4CAC-AE57-4B4B6F1362B4}D:\downloads\ratiomaster.net.exe] => (Allow) D:\downloads\ratiomaster.net.exe
FirewallRules: [TCP Query User{32171C11-C0E9-4F02-9E7A-C2FAEE77CF11}D:\downloads\mratio.exe] => (Allow) D:\downloads\mratio.exe
FirewallRules: [UDP Query User{662BB4CE-4360-4590-8748-BEA1EF2C4A8C}D:\downloads\mratio.exe] => (Allow) D:\downloads\mratio.exe
FirewallRules: [{48E0A8E8-3645-4610-B759-5EC100BA017B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62C75188-603C-49B4-8730-98A3C842D165}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe

==================== Faulty Device Manager Devices =============

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2015 00:44:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/30/2015 10:26:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/30/2015 10:26:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/30/2015 10:26:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/30/2015 09:45:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/29/2015 08:19:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/29/2015 08:19:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/29/2015 08:19:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/29/2015 03:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 0.0.0.0, Zeitstempel: 0x375ee349
Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5180f322
Ausnahmecode: 0xc0000005
Fehleroffset: 0x65accc49
ID des fehlerhaften Prozesses: 0x588
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_unknown0
Pfad der fehlerhaften Anwendung: setup.exe_unknown1
Pfad des fehlerhaften Moduls: setup.exe_unknown2
Berichtskennung: setup.exe_unknown3

Error: (05/29/2015 03:51:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: QT32.exe, Version: 0.0.0.0, Zeitstempel: 0x36b88abd
Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5180f322
Ausnahmecode: 0xc0000005
Fehleroffset: 0x65accc49
ID des fehlerhaften Prozesses: 0x1284
Startzeit der fehlerhaften Anwendung: 0xQT32.exe0
Pfad der fehlerhaften Anwendung: QT32.exe1
Pfad des fehlerhaften Moduls: QT32.exe2
Berichtskennung: QT32.exe3

System errors:
=============
Error: (05/30/2015 01:13:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Software Protection" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (05/30/2015 01:11:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/30/2015 01:11:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/30/2015 01:11:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia Update Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2015 01:11:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WD File Management Shadow Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2015 01:11:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WD File Management Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2015 01:11:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WDDMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2015 01:11:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SMART Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2015 01:11:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2015 01:11:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Microsoft Office:
=========================
Error: (05/30/2015 00:44:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/30/2015 10:26:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/30/2015 10:26:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/30/2015 10:26:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/30/2015 09:45:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestc:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe

Error: (05/29/2015 08:19:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/29/2015 08:19:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/29/2015 08:19:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/29/2015 03:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_unknown0.0.0.0375ee349QuickTime.qts_unloaded0.0.0.05180f322c000000565accc4958801d09a167d262666F:\setup.exeQuickTime.qtsd671449d-0609-11e5-af2a-6cf0490ead50

Error: (05/29/2015 03:51:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: QT32.exe0.0.0.036b88abdQuickTime.qts_unloaded0.0.0.05180f322c000000565accc49128401d09a168b947e0cF:\Support\QT32.exeQuickTime.qtscf973ae8-0609-11e5-af2a-6cf0490ead50

CodeIntegrity Errors:
===================================
Date: 2015-05-29 09:14:26.562
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-05-29 09:14:26.531
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-05-06 18:02:49.131
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Bene\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-05-06 18:02:49.124
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Bene\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-05-06 18:02:48.003
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-05-06 18:02:47.996
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 33%
Total physical RAM: 4094.49 MB
Available physical RAM: 2717.21 MB
Total Pagefile: 10092.7 MB
Available Pagefile: 8643.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.99 GB) (Free:7.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:337.77 GB) (Free:23.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=337.8 GB) - (Type=07 NTFS)

==================== End of log ============================ |
31.05.2015, 05:40 | #10 |
/// the machine /// TB trainer | PC crashes regularly Please download BlueScreenView and install it: BlueScreenView - Download - Filepony Open it and let it analyze the most recent dump (the tool does this automatically). Post the output here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate, Guides and help, Trojaner-Board Facebook page. No help via PM! |
31.05.2015, 09:06 | #11 |
| PC crashes regularly BlueScreenView found nothing. I also haven't had any crashes with a bluescreen. What now? |
31.05.2015, 14:40 | #12 |
/// the machine /// TB trainer | PC crashes regularly The computer crashes without a bluescreen? Does it really crash? That is, does it switch off?
|
31.05.2015, 18:52 | #13 | |
| PC crashes regularly The PC freezes, without a blue screen: Quote:
|
01.06.2015, 17:10 | #14 |
/// the machine /// TB trainer | PC crashes regularly Test the hard disk: Find out the state of the hard disk - here's how - Guides
|
01.06.2015, 18:52 | #15 |
| PC crashes regularly Code:
ATTFilter
----------------------------------------------------------------------------
CrystalDiskInfo 6.3.2 (C) 2008-2015 hiyohiyo
Crystal Dew World : hxxp://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate SP1 [6.1 Build 7601] (x64)
Date : 2015/06/01 18:21:22

-- Controller Map ----------------------------------------------------------
+ ATA Channel 1 (1) [ATA]
- Marvell 91xx Config Device
+ Standard-Zweikanal-PCI-IDE-Controller [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Standard-Zweikanal-PCI-IDE-Controller [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Standard-Zweikanal-PCI-IDE-Controller [ATA]
+ ATA Channel 0 (0)
- _NEC DVD_RW ND-3500AG ATA Device
- ST3500418AS ATA Device
- ATA Channel 1 (1)
- GIGABYTE GBB36X Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST3500418AS : 500,1 GB [0/3/0, pd1] - st

----------------------------------------------------------------------------
(1) ST3500418AS
----------------------------------------------------------------------------
Model : ST3500418AS
Firmware : CC38
Serial Number : 6VMBC3DZ
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : ---- | SATA/300
Power On Hours : 8236 Std.
Power On Count : 5187 mal
Temperature : 28 C (82 F)
Health Status : Gut
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : FE00h [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 117 _99 __6 00000017BC67 Lesefehlerrate
03 _98 _97 __0 000000000000 Mittlere Anlaufzeit
04 _90 _90 _20 00000000287F Start/Stopp-Zyklen der Spindel
05 100 100 _36 000000000000 Wiederzugewiesene Sektoren
07 _87 _60 _30 0000206B0D84 Suchfehler
09 _91 _91 __0 00000000202C Betriebsstunden
0A 100 100 _97 000000000000 Misslungene Spindelanläufe
0C _95 _95 _20 000000001443 Geräte-Einschaltvorgänge
B7 100 100 __0 000000000000 Herstellerspezifisch
B8 100 100 _99 000000000000 Ende-zu-Ende-Fehler
BB 100 100 __0 000000000000 Gemeldete unkorrigierbare Fehler
BC 100 _99 __0 00000000002C Befehlszeitüberschreitung
BD 100 100 __0 000000000000 Übergeordnete Schreibvorgänge
BE _72 _62 _45 00001C14001C Luftstromtemperatur
C2 _28 _40 __0 00100000001C Temperatur
C3 _50 _33 __0 00000017BC67 Hardware-ECC wiederhergestellt
C5 100 100 __0 000000000000 Aktuell ausstehende Sektoren
C6 100 100 __0 000000000000 Nicht korrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA-CRC-Fehler
F0 100 253 __0 EED70000538F Kopfpositionierungszeit
F1 100 253 __0 0000A05112FA LBA geschrieben (gesamt)
F2 100 253 __0 00002EE9AB3A LBA gelesen (gesamt)
|