|
Pests of all kinds and how to combat them: Compatiybilitycheck.exe (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
28.05.2015, 12:24 | #1 |
| Compatiybilitycheck.exe Hello dear Trojaner-Board team, I hope you can help me. For quite some time I have been having problems with the file Compatibilitycheck.exe. It shows up multiple times in Task Manager and eats up my RAM. In addition, my internet seems to be severely slowed down, and I cannot run any other programs because, besides the speed problem, everything I open keeps getting minimized. I found the thread here in the forum and have already carried out all the steps (except posting the log files), but without result. Maybe we can manage it together; I am really stumped, even though I know a fair bit about the subject. Best regards and thanks in advance, Sep |
28.05.2015, 12:36 | #2 |
/// the machine /// TB instructor | Compatiybilitycheck.exe hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
28.05.2015, 12:52 | #3 |
| Compatiybilitycheck.exe Wow, that was quick
So here is the FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01 Ran by Nutzer (administrator) on LUCYNDE on 28-05-2015 13:43:59 Running from C:\Users\Nutzer\Desktop Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Hi-Rez Studios) D:\GameDIR\SMITE\HiPatchService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Opera Software) C:\Program Files (x86)\Opera\launcher.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Program Files (x86)\Opera\29.0.1795.60\opera_autoupdate.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-05-07] (Sophos Limited) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d\n. ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\MountPoints2: {0e33761e-a32b-11e1-aac6-0017ad12cbe8} - H:\Startme.exe HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\MountPoints2: {62e96948-c0f8-11e0-84bc-002522a104df} - I:\ZTE_Handset_USB_Driver.exe HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\MountPoints2: {99ae0261-c59c-11e0-8ef6-0016383a2a6e} - F:\SETUP.EXE HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\MountPoints2: {bdf4d765-a930-11e2-9b99-0017ad12cbe8} - H:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Winlogon: [Shell] explorer.exe, 
"C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\msshell.exe" <==== ATTENTION HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-05-07] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-05-07] (Sophos Limited) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) 
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619 FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: hxxp://www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-02-06] (Nexon) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-02-06] (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-02-03] (Sony Network Entertainment International LLC) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks) FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-09-17] (Apple Inc.) FF Extension: Ghostery - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\firefox@ghostery.com.xpi [2015-01-23] FF Extension: Video DownloadHelper - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14] FF Extension: {c2255ecc-6835-4084-8f2b-08ccd0ac4e73} - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{c2255ecc-6835-4084-8f2b-08ccd0ac4e73}.xpi [2015-03-10] FF Extension: skype converter - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{cc6cc534-0a92-464a-91be-f27f39fe75fa}.xpi [2015-04-29] FF Extension: Adblock Plus - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-17] FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-26] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR 
Profile: C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-24] CHR Extension: (YouTube) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-05] CHR Extension: (Google Search) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-05] CHR Extension: (Google Wallet) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08] CHR Extension: (Gmail) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Nutzer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-03-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed] R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-20] (EasyAntiCheat Ltd) R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.) 
R2 HiPatchService; D:\GameDIR\SMITE\HiPatchService.exe [9216 2015-02-24] (Hi-Rez Studios) [File not signed] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed] S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] () R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-07] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-07] (Sophos Limited) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-05-07] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-07] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-07] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-07] (Sophos Limited) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH) R2 Verifies software is compatible; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [99496 2015-04-20] () [File not signed] R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-31] (Disc Soft Ltd) R3 SaiK0CD5; C:\Windows\System32\DRIVERS\SaiK0CD5.sys [183104 2011-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek) R3 SaiU0CD5; C:\Windows\System32\DRIVERS\SaiU0CD5.sys [47168 2011-09-20] (Saitek) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-07] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-07] (Sophos Limited) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-07] (Sophos Limited) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-10] (Duplex Secure Ltd.) S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed] R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X] U2 wscsvc; No ImagePath S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-28 13:43 - 2015-05-28 13:47 - 00023839 _____ () C:\Users\Nutzer\Desktop\FRST.txt 2015-05-28 13:43 - 2015-05-28 13:44 - 00000000 ____D () C:\FRST 2015-05-28 13:35 - 2015-05-28 13:35 - 00000654 _____ () C:\Users\Nutzer\Desktop\defogger_disable.log 2015-05-28 13:35 - 2015-05-28 13:35 - 00000188 _____ () C:\Users\Nutzer\defogger_reenable 2015-05-28 13:33 - 2015-05-28 13:33 - 00050477 _____ () C:\Users\Nutzer\Desktop\Defogger.exe 2015-05-28 13:31 - 2015-05-28 13:31 - 02108928 _____ (Farbar) C:\Users\Nutzer\Desktop\FRST64.exe 2015-05-27 20:13 - 2015-05-27 20:13 - 00002104 _____ () C:\Windows\DPINST.LOG 2015-05-27 17:11 - 2015-05-27 17:11 - 00001947 _____ () C:\Users\Nutzer\Desktop\JRT.txt 2015-05-27 17:08 - 2015-05-27 17:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCYNDE-Windows-7-Home-Premium-(64-bit).dat 2015-05-27 17:08 - 2015-05-27 17:08 - 00000000 ____D () C:\RegBackup 2015-05-27 17:05 - 2015-05-27 17:05 - 02946603 _____ (Thisisu) C:\Users\Nutzer\Downloads\JRT.exe 2015-05-27 17:05 - 2015-03-02 14:21 - 00000000 ____D () C:\Users\Nutzer\Desktop\VA-Future_Trance_Vol.71-3CD-2015-VOiCE 2015-05-27 16:55 - 2015-05-27 16:57 - 00000000 ____D () C:\Users\Nutzer\Desktop\Games 2015-05-27 16:45 - 2015-05-28 13:37 - 00001016 _____ () C:\Windows\PFRO.log 2015-05-27 16:28 - 2015-05-27 16:29 - 02223104 _____ () C:\Users\Nutzer\Downloads\adwcleaner_4.205.exe 2015-05-26 14:13 - 2015-05-26 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-24 13:12 - 2015-05-27 16:44 - 00000000 ____D () C:\AdwCleaner 2015-05-18 07:55 - 2015-05-18 07:55 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA% 2015-05-17 12:01 - 2015-05-28 13:37 - 00001680 _____ () C:\Windows\setupact.log 2015-05-17 12:01 - 2015-05-17 12:01 - 00000000 _____ () C:\Windows\setuperr.log 2015-05-16 13:32 - 2015-05-28 13:48 - 00000112 _____ () C:\ProgramData\QUX80go.dat 2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-05-16 13:30 - 
2015-05-16 13:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-05-16 13:27 - 2015-05-28 13:42 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-05-16 13:27 - 2015-05-28 13:42 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2015-05-16 13:11 - 2015-05-16 13:11 - 00000000 ____D () C:\DAEMON Tools Lite 2015-05-13 16:46 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 16:46 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 12:24 - 2015-05-05 05:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 12:24 - 2015-05-05 05:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 12:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 12:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 12:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 12:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 12:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 12:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 12:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 12:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 12:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 12:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 
2015-05-13 12:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:22 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-13 12:23 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:20 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:23 - 2015-04-27 21:20 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-13 12:23 - 2015-04-27 21:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 21:16 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-13 12:23 - 2015-04-27 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:23 - 2015-04-27 21:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03939264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 20:58 - 01311256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-13 12:23 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:23 - 2015-04-27 19:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 12:23 - 2015-04-27 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 12:23 - 2015-04-27 19:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:23 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:23 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:23 - 2015-03-19 01:39 - 00632984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-13 12:23 - 2015-03-19 01:39 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-13 12:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:22 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-07 16:04 - 2015-05-07 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-07 16:03 - 2015-05-07 16:00 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-07 16:01 - 2015-05-07 16:01 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-07 16:01 - 2015-05-07 16:01 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-07 16:00 - 2015-05-07 16:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-07 16:00 - 2015-05-07 16:00 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 13:45 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 13:45 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 13:41 - 2011-08-04 07:34 - 01528498 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 13:40 - 2014-07-02 20:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 13:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 13:35 - 2011-08-04 07:44 - 00000000 ____D () C:\Users\Nutzer
2015-05-28 13:31 - 2012-03-30 10:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 13:30 - 2014-07-02 20:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 20:14 - 2012-06-29 00:35 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-27 20:12 - 2014-12-17 19:34 - 00000000 ____D () C:\Users\Nutzer\Desktop\Coarce
2015-05-27 16:45 - 2012-05-26 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-27 16:30 - 2011-08-17 11:26 - 00000000 ____D () C:\Users\Nutzer\dwhelper
2015-05-27 14:50 - 2015-04-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-05-27 14:42 - 2011-08-09 23:39 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\CrashDumps
2015-05-26 12:45 - 2013-04-15 15:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-24 13:14 - 2012-05-26 23:29 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-24 13:14 - 2011-08-04 07:45 - 00001004 _____ () C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 12:27 - 2014-06-09 14:14 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1379773154
2015-05-20 12:27 - 2013-09-21 16:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-18 07:25 - 2014-07-02 20:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 07:25 - 2014-07-02 20:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 11:50 - 2014-11-21 17:45 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\BitTorrent
2015-05-17 11:46 - 2014-08-17 23:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-17 10:50 - 2010-11-21 08:50 - 00710518 _____ () C:\Windows\system32\perfh007.dat
2015-05-17 10:50 - 2010-11-21 08:50 - 00154848 _____ () C:\Windows\system32\perfc007.dat
2015-05-17 10:50 - 2009-07-14 07:13 - 01651822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 13:28 - 2013-12-16 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-14 20:43 - 2011-08-12 20:57 - 00000000 ____D () C:\Users\Nutzer\Documents\My Games
2015-05-14 19:55 - 2014-08-11 17:37 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Battle.net
2015-05-14 18:51 - 2013-01-17 15:56 - 00412528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:47 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:04 - 2011-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 17:00 - 2013-07-16 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 16:52 - 2011-08-06 13:21 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 16:46 - 2013-12-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 14:24 - 2014-08-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-11 14:39 - 2015-03-29 15:34 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Songr
2015-05-08 12:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-07 16:05 - 2012-10-04 13:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-07 16:04 - 2012-10-04 13:11 - 00000000 ____D () C:\ProgramData\Sophos
2015-04-29 17:56 - 2014-11-23 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2015-04-29 17:56 - 2012-05-14 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-04-29 11:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2012-02-08 00:28 - 2012-02-29 00:33 - 0000065 _____ () C:\Users\Nutzer\AppData\Roaming\AcroIEHelpe.txt
2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res
2011-10-11 16:35 - 2011-10-11 16:35 - 0000000 _____ () C:\Users\Nutzer\AppData\Roaming\chrtmp
2013-12-09 18:45 - 2013-12-16 00:15 - 0016384 _____ (Sikandar's Lab) C:\Users\Nutzer\AppData\Roaming\ctfmon.exe
2011-08-07 15:09 - 2015-02-14 04:30 - 0015360 _____ () C:\Users\Nutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 18:03 - 2012-11-14 18:03 - 0000094 _____ () C:\Users\Nutzer\AppData\Local\fusioncache.dat
2011-08-07 15:30 - 2011-08-07 15:30 - 0000017 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak
2015-05-16 13:32 - 2015-05-28 13:49 - 0000112 _____ () C:\ProgramData\QUX80go.dat

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3323010747-2788445057-3376602549-1000\$0960991a520af2ec4086eba6cdaf280d

Files to move or delete:
====================
C:\ProgramData\QUX80go.dat
C:\Users\Nutzer\ecm.exe
C:\Users\Nutzer\F.bat
C:\Users\Nutzer\unecm.exe

Some files in TEMP:
====================
C:\Users\Helena\AppData\Local\Temp\AskSLib.dll
C:\Users\Helena\AppData\Local\Temp\Foxit Reader Updater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-08 12:19

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Nutzer at 2015-05-28 13:50:12
Running from C:\Users\Nutzer\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3323010747-2788445057-3376602549-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3323010747-2788445057-3376602549-1020 - Limited - Enabled)
Gast (S-1-5-21-3323010747-2788445057-3376602549-501 - Limited - Enabled)
Helena (S-1-5-21-3323010747-2788445057-3376602549-1004 - Limited - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-3323010747-2788445057-3376602549-1003 - Limited - Enabled)
Nutzer (S-1-5-21-3323010747-2788445057-3376602549-1000 - Administrator - Enabled) => C:\Users\Nutzer
SophosSAULUCYNDE0 (S-1-5-21-3323010747-2788445057-3376602549-1017 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Der Herr der Ringe Online™“ v03.08.00.8025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8025 - Turbine, Inc.)
µTorrent (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) Akamai NetSession Interface (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version: - ) Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.) Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. 
KG) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft) Assassin's Creed (R) III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft) Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft) Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft) Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft) Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.2 - Auslogics Software Pty Ltd) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - ) BitTorrent (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.) Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.0 - 2K Games) Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CDRWIN 9 (HKLM-x32\...\{23D4A973-14FF-474E-0001-6529DDC11226}) (Version: 9.0.11.304 - Engelmann Media GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
DawnOfWar (HKLM-x32\...\InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}) (Version: 1.00.00000 - THQ)
DawnOfWar (x32 Version: 1.00.00000 - THQ) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DiRT 3 (x32 Version: 1.0.0001.130 - Codemasters) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dragon's Prophet (EU) (HKLM-x32\...\Steam App 259020) (Version: - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version: - InPlay Interactive)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts)
Final Fantasy VII (HKLM-x32\...\Final Fantasy VII) (Version: - )
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version: - SQUARE ENIX)
FINAL FANTASY XIII-2 (HKLM-x32\...\Steam App 292140) (Version: - SQUARE ENIX)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.0 - Warner Bros. Entertainment, Inc.)
Flixster (x32 Version: 2.2.0 - Warner Bros. Entertainment, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.8.49.213 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hero Editor V0.96 (HKLM-x32\...\ST6UNST #1) (Version: - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hydra VSTi/DXi v1.2 (HKLM-x32\...\SynapseHydra_is1) (Version: 1.2 - Synapse Audio Software)
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Media Go (HKLM-x32\...\{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}) (Version: 2.1.392 - Sony)
Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
mini-KMS Activator 1.0.5.2 (HKLM-x32\...\mini-KMS Activator 1.0.5.2) (Version: - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 4.5.0.34 - Symantec Corporation)
NPC-Reconstruction Models Mod (HKLM-x32\...\{8F2FE985-BCA2-44B1-9D05-9853DF8DFE52}) (Version: 0.6 - United ODC Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA WDM Drivers (HKLM-x32\...\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}) (Version: - )
Ohm Force - Ohmicide VST (HKLM-x32\...\Ohmicide VST) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Ragnarok Online 2 (HKLM-x32\...\{717BD14A-BE61-40A4-9865-17AACF611FE0}) (Version: 1.0.0 - Gravity Interactive, Inc.)
reFX Nexus 1.0.0 (HKLM-x32\...\{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1) (Version: 1.0.0 - reFX)
reFX Nexus 1.0.9 (HKLM-x32\...\reFX Nexus 1.0.9_is1) (Version: - )
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
ROCCAT Isku FX Keyboard Driver (HKLM-x32\...\{DC69933C-E7B0-455D-8E54-FAC1EEF046FF}) (Version: - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0002 - Roccat GmbH)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.1.2598.3 - Hi-Rez Studios)
Smokin' Guns version 1.1 (HKLM-x32\...\{C0F2B168-5C5C-4B55-B76E-035813CC559E}_is1) (Version: 1.1 - Smokin' Guns Productions)
Songr (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Songr) (Version: 2.0.2343 - Xamasoft)
Sonic Charge µTonic VSTi v2.0.1 (HKLM-x32\...\Sonic Charge µTonic VSTi v2.0.1) (Version: - )
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.9.2 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version: - Image-Line bvba)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version: - )
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VueScan (HKLM\...\VueScan) (Version: - )
Waves Diamond Bundle v5.2 (HKLM-x32\...\Waves Diamond Bundle v5.2) (Version: - )
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Advanced Micro Devices, Inc System (03/16/2011 5.12.0.0015) (HKLM\...\A3A37EC031F134EDD1E9DB40819B1EAD0DB7C844) (Version: 03/16/2011 5.12.0.0015 - Advanced Micro Devices, Inc)
Windows-Treiberpaket - Advanced Micro Devices, Inc. (amdkmdap) Display (04/27/2013 13.100.0.0000) (HKLM\...\F8F0B13FDB7725B9538C9C18B3562F3F189A87D0) (Version: 04/27/2013 13.100.0.0000 - Advanced Micro Devices, Inc.)
Windows-Treiberpaket - VIA Technologies, Inc. (VIAHdAudAddService) MEDIA (05/10/2013 6.0.10.1900) (HKLM\...\185DAE5F7B07C55192F4D2FBD9690DDE3C0A181E) (Version: 05/10/2013 6.0.10.1900 - VIA Technologies, Inc.)
Windows-Treiberpaket - VIA Technologies, Inc. (VIAHdAudAddService) MEDIA (05/10/2013 6.0.10.1900) (HKLM\...\594FF2EA687138898144DD89BA5BAE020851C470) (Version: 05/10/2013 6.0.10.1900 - VIA Technologies, Inc.)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
You Don't Know Jack 4 1.00 (HKLM-x32\...\You Don't Know Jack 4) (Version: 1.00 - Take 2 Interactive)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{55839D91-467F-4be1-9DC1-8ADBBCC794F6}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-12-11 20:06 - 00001038 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 www.driver-soft.com
127.0.0.1 www.driver-soft.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E3524A-5796-47B3-AB1B-4DCCAF0B2559} - System32\Tasks\{040617CC-357D-430D-9D0F-AB21426C3A9F} => pcalua.exe -a C:\Users\Nutzer\Downloads\Saitek_Cyborg_Pad_For_XBox_SD6_64_Vista_Drivers(1).exe -d C:\Users\Nutzer\Downloads
Task: {15AD936A-63E0-4409-BEC3-ED0D6D7EC89D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {200925A9-0DBA-4434-B108-DA6A2AA155D5} - System32\Tasks\{8050F89F-78D9-4359-9D9B-77F9A4DD3FB2} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
Task: {24C54EDE-0AAF-4ABB-A73B-91209146E3BD} - System32\Tasks\{66BAA13C-637C-44ED-874C-9AF4449C00F4} => pcalua.exe -a F:\1Setup.exe -d F:\
Task: {3D51AE01-3307-400A-B1E3-A501F6242CBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4A8C1BC7-EA41-4DFB-8F47-9FB905C1135A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5013B958-27EC-4E54-B017-A9B7F04D420C} - System32\Tasks\{C0D28A93-F1CC-4474-ADFC-2E63CC26360F} => pcalua.exe -a "D:\GameDIR\TQIT\TQIT 1.17 UNinstaller.exe" -d D:\GameDIR\TQIT
Task: {72A12628-67C1-4371-8A0D-50DB9F497D91} - System32\Tasks\{581AA96B-715F-404F-A45D-E4A880956113} => pcalua.exe -a C:\Users\Nutzer\Downloads\fantomcd1.2.1.1960_enu.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7DC170EE-E1E6-4272-8369-C5453ECC373F} - System32\Tasks\{8E777ECF-C4DA-4745-B114-A627C4712E75} => pcalua.exe -a C:\Users\Nutzer\Downloads\ASIO4ALL_2_10_Deutsch(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7DD84BA6-B9F7-4713-BCA2-AD98E0C79F88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9EF4C86C-C34E-4300-9491-96FAEAF67AF0} - System32\Tasks\{ADC77504-F806-46B5-B5B8-B179EC21A303} => pcalua.exe -a D:\GameDIR\Savage\Uninstall.exe -d D:\GameDIR\Savage
Task: {A1385A0D-D6D3-4F2C-8781-973A8D40C3A8} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {A4D23114-E8ED-4BE4-AF78-D9404AE64843} - System32\Tasks\Opera scheduled Autoupdate 1379773154 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {B3A6090D-8AD8-477C-9C24-43B260AEAC89} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {BDC1894E-4373-4774-9DDD-3E0EABCE2EB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {D0595654-1C6B-4701-9C58-D0835E3DB391} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D1F693A8-FE88-47C0-8AB7-D72DAEC7914D} - System32\Tasks\{C0CD93BC-4BDB-48DF-BE69-C21BCFB68138} => pcalua.exe -a "D:\GameDIR\TQIT\TQIT 1.17a installer.exe" -d D:\GameDIR\TQIT
Task: {D346DA35-8D2B-477E-9BE7-164917D2ACCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {E2E7F2C9-C573-4EB1-A7E7-6ADB5A3F0661} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {E7821201-C950-4B88-9F62-1EA08B6420D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-12-09 18:34 - 2013-12-29 20:36 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-05-16 13:27 - 2015-04-20 20:52 - 00099496 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-08-06 16:57 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-05-16 13:27 - 2015-04-20 20:48 - 51332776 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-05-20 12:27 - 2015-05-20 12:27 - 01958008 _____ () C:\Program Files (x86)\Opera\29.0.1795.60\opera_autoupdate.exe
2014-08-17 23:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-17 23:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-17 23:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-17 23:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-17 23:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-05-16 13:27 - 2015-04-20 20:48 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-05-16 13:27 - 2015-04-20 20:48 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-05-16 13:27 - 2015-04-20 20:48 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:B2AA1B61
AlternateDataStreams: C:\Users\Nutzer\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Nutzer\AppData\Roaming:NT

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Roccat Talk.lnk => C:\Windows\pss\Roccat Talk.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Nutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk => C:\Windows\pss\ctfmon.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^yr0.09649393655489957.exe.lnk => C:\Windows\pss\yr0.09649393655489957.exe.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nutzer\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Nutzer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Nutzer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ltfhqdrlteqqeiv => C:\ProgramData\ltfhqdrl.exe
MSCONFIG\startupreg: Makro => "C:\Users\Nutzer\AppData\Local\Temp\Rar$EX59.184\Makro.exe" /D:3000
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: olipra => rundll32.exe "C:\Users\Nutzer\AppData\Roaming\olipra.dll",CreateContext
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RMActivate_ssp => C:\Users\Nutzer\AppData\Local\Microsoft\Windows\1997\RMActivate_ssp.exe
MSCONFIG\startupreg: RoccatIskuFX => "C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe"
MSCONFIG\startupreg: S60 PC Suite Tray => "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "D:\ProgDir\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: vasja => C:\Users\Nutzer\AppData\Local\Temp\mor.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: {4D075306-E134-2F4F-D6C9-84A2DE9D71EA} => C:\Users\Nutzer\AppData\Roaming\Kuocti\ywywcy.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3 Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/28/2015 01:38:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2015 11:44:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 06:03:59 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154, Klasse nicht registriert . Vorgang: VSS-Server wird instanziiert Error: (05/27/2015 06:03:59 PM) (Source: VSS) (EventID: 22) (User: ) Description: Fehler im Volumenschattenkopie-Dienst: Eine vom Volumenschattenkopie-Dienst benötigte kritische Komponente ist nicht registriert. 
Dies kann geschehen, wenn bei der Windows-Installation oder bei der Installation eines Schattenkopieanbieters ein Fehler aufgetreten ist. Der von CoCreateInstance für die Klasse mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" zurückgegebene Fehler ist [0x80040154, Klasse nicht registriert ]. Vorgang: VSS-Server wird instanziiert Error: (05/27/2015 04:51:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0xbec Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (05/27/2015 04:47:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 02:42:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x7c4 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (05/27/2015 02:37:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 
0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x868 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (05/27/2015 02:32:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x1098 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (05/27/2015 02:27:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x1198 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 System errors: ============= Error: (05/28/2015 01:40:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error: (05/28/2015 01:40:39 PM) (Source: Service Control Manager) (EventID: 7023) 
(User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error: (05/28/2015 01:39:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (05/28/2015 01:39:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (05/28/2015 01:39:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (05/28/2015 01:39:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (05/28/2015 01:37:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/28/2015 01:37:28 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (05/28/2015 01:37:28 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert. 
Error: (05/28/2015 01:37:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Microsoft Office: ========================= Error: (05/28/2015 01:38:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2015 11:44:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 06:03:59 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80040154, Klasse nicht registriert Vorgang: VSS-Server wird instanziiert Error: (05/27/2015 06:03:59 PM) (Source: VSS) (EventID: 22) (User: ) Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Klasse nicht registriert Vorgang: VSS-Server wird instanziiert Error: (05/27/2015 04:51:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bcbec01d0988c8695ee22C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.execc4742ae-047f-11e5-9249-0017ad12cbe8 Error: (05/27/2015 04:47:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/27/2015 02:42:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc7c401d0987aa1778af2C:\Users\Default\AppData\Roaming\Compatibility 
Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exee65546ca-046d-11e5-8a41-0017ad12cbe8 Error: (05/27/2015 02:37:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc86801d09879ed52fb68C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe322eed7d-046d-11e5-8a41-0017ad12cbe8 Error: (05/27/2015 02:32:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc109801d09879392e1f93C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe7e0b68fa-046c-11e5-8a41-0017ad12cbe8 Error: (05/27/2015 02:27:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc119801d09878850b0d81C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exec9e6d970-046b-11e5-8a41-0017ad12cbe8 CodeIntegrity Errors: =================================== Date: 2013-11-27 17:18:33.909 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nutzer\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-11-27 17:18:33.779 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nutzer\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 17:18:31.394 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 17:18:31.259 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: AMD Phenom(tm) II X6 1055T Processor Percentage of memory in use: 51% Total physical RAM: 4095.24 MB Available physical RAM: 2006.12 MB Total Pagefile: 8188.67 MB Available Pagefile: 5288.81 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:97.56 GB) (Free:28.46 GB) NTFS Drive d: (Daten) (Fixed) (Total:833.86 GB) (Free:417.45 GB) NTFS Drive f: (PHILIPS UFD) (Removable) (Total:3.76 GB) (Free:2.32 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7BC0D4B0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.8 GB) (Disk ID: 2C6B7369) No partition Table on disk 1. ==================== End of log ============================ |
29.05.2015, 06:35 | #4 |
/// the machine /// TB-Ausbilder | Compatiybilitycheck.exe hi, Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
29.05.2015, 11:11 | #5 |
| Compatiybilitycheck.exe Oh man, my computer seems to have even more problems than just the one mentioned in the thread. Here is the Malwarebytes log after run 1: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.05.29.01 rootkit: v2015.05.24.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17801 Nutzer :: LUCYNDE [administrator] 29.05.2015 11:47:13 mbar-log-2015-05-29 (11-47-13).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 434392 Time elapsed: 16 minute(s), 22 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Delete on reboot. [bda81b7e474389adca60d0a52fd436ca] HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Delete on reboot. [bda81b7e474389adca60d0a52fd436ca] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\linkrdr.AIEbho (Trojan.Banker) -> Delete on reboot. [bda81b7e474389adca60d0a52fd436ca] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\linkrdr.AIEbho.1 (Trojan.Banker) -> Delete on reboot. [bda81b7e474389adca60d0a52fd436ca] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [b9acfb9e33574fe733f1e31ef20e12ee] HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. 
[b9acfb9e33574fe733f1e31ef20e12ee] Registry Values Detected: 4 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Hijack.ShellA.Gen) -> Data: explorer.exe, "C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Delete on reboot. [4a1b8217becc88ae6531559909faba46] HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Hijack.ShellA.Gen) -> Data: explorer.exe, "C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Delete on reboot. [96cf2a6fc4c667cfe9ad2dc1dc2725db] HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Microsoft Corporation Search Indexer (Trojan.Agent) -> Data: "C:\Users\Nutzer\AppData\Roaming\lsass.exe" -> Delete on reboot. [f1748d0ce9a1f442649dc591fa0acf31] HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MicroUpdate (Backdoor.Agent.DCEGen) -> Data: C:\Users\Helena\Documents\MSDCSC\msdcsc.exe -> Delete on reboot. [0f56f3a69bef75c1d46c52df7c8822de] Registry Data Items Detected: 2 HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d\n.) Good: (fastprox.dll) -> Replace on reboot. [79ec039696f41521c5ed9c905aac1ee2] HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://start.qone8.com/?type=hp&ts=1396999526&from=vtt&uid=ST31000524AS_9VPCQ4FYXXXX9VPCQ4FY) Good: (www.google.com) -> Replace on reboot. [dd882871b6d40531b72045df9472df21] Folders Detected: 7 C:\Users\Nutzer\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Delete on reboot. [3431e1b8f69473c3146e36de957054ac] C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d\U (Trojan.Siredef.C) -> Delete on reboot. 
[aeb7edace3a748ee021505fcec14738d] C:\$Recycle.Bin\S-1-5-21-3323010747-2788445057-3376602549-1000\$0960991a520af2ec4086eba6cdaf280d\U (Trojan.Siredef.C) -> Delete on reboot. [095cb7e26921290dac6b31d027d9eb15] C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d\L (Trojan.Siredef.C) -> Delete on reboot. [afb63e5bc1c9c3730811ea17738d8977] C:\$Recycle.Bin\S-1-5-21-3323010747-2788445057-3376602549-1000\$0960991a520af2ec4086eba6cdaf280d\L (Trojan.Siredef.C) -> Delete on reboot. [40256336117912246cad50b1a65ab947] C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d (Trojan.Siredef.C) -> Delete on reboot. [d392fc9df7937eb8ab6f16ebfc04de22] C:\$Recycle.Bin\S-1-5-21-3323010747-2788445057-3376602549-1000\$0960991a520af2ec4086eba6cdaf280d (Trojan.Siredef.C) -> Delete on reboot. [fa6b8c0d424853e3001a23de0cf4d62a] Files Detected: 4 C:\Users\Nutzer\AppData\Roaming\ctfmon.exe (Trojan.VB) -> Delete on reboot. [1e47227786047db9de070194fd03b749] C:\Users\Nutzer\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Delete on reboot. [3431e1b8f69473c3146e36de957054ac] C:\Users\Nutzer\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Delete on reboot. [3431e1b8f69473c3146e36de957054ac] C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\unicode2.nls (Trojan.Backdoor) -> Delete on reboot. [db8ad7c2404a55e15a15809f8f767b85] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.05.29.01 rootkit: v2015.05.24.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17801 Nutzer :: LUCYNDE [administrator] 29.05.2015 12:09:59 mbar-log-2015-05-29 (12-09-59).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 434292 Time elapsed: 15 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter 12:26:51.0357 0x0e94 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 12:26:54.0739 0x0e94 ============================================================ 12:26:54.0739 0x0e94 Current date / time: 2015/05/29 12:26:54.0739 12:26:54.0739 0x0e94 SystemInfo: 12:26:54.0739 0x0e94 12:26:54.0739 0x0e94 OS Version: 6.1.7601 ServicePack: 1.0 12:26:54.0739 0x0e94 Product type: Workstation 12:26:54.0739 0x0e94 ComputerName: LUCYNDE 12:26:54.0739 0x0e94 UserName: Nutzer 12:26:54.0739 0x0e94 Windows directory: C:\Windows 12:26:54.0739 0x0e94 System windows directory: C:\Windows 12:26:54.0739 0x0e94 Running under WOW64 12:26:54.0739 0x0e94 Processor architecture: Intel x64 12:26:54.0740 0x0e94 Number of processors: 6 12:26:54.0740 0x0e94 Page size: 0x1000 12:26:54.0740 0x0e94 Boot type: Normal boot 12:26:54.0740 0x0e94 ============================================================ 12:26:58.0169 0x0e94 KLMD registered as C:\Windows\system32\drivers\32082727.sys 12:26:58.0341 0x0e94 System UUID: {497E11AF-45AE-CA3A-A1F0-3D5C760FA4D2} 12:26:58.0683 0x0e94 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:26:58.0692 0x0e94 Drive \Device\Harddisk1\DR1 - Size: 0xF1000000 ( 3.77 Gb ), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:26:58.0698 0x0e94 ============================================================ 12:26:58.0698 0x0e94 \Device\Harddisk0\DR0: 12:26:58.0698 0x0e94 MBR partitions: 12:26:58.0698 0x0e94 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 12:26:58.0698 0x0e94 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800 12:26:58.0698 0x0e94 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x683B6000 12:26:58.0698 0x0e94 \Device\Harddisk1\DR1: 12:26:58.0699 0x0e94 MBR partitions: 
12:26:58.0699 0x0e94 ============================================================ 12:26:58.0716 0x0e94 C: <-> \Device\Harddisk0\DR0\Partition2 12:26:58.0746 0x0e94 D: <-> \Device\Harddisk0\DR0\Partition3 12:26:58.0762 0x0e94 ============================================================ 12:26:58.0762 0x0e94 Initialize success 12:26:58.0762 0x0e94 ============================================================ 12:27:32.0293 0x12d0 ============================================================ 12:27:32.0293 0x12d0 Scan started 12:27:32.0293 0x12d0 Mode: Manual; SigCheck; TDLFS; 12:27:32.0293 0x12d0 ============================================================ 12:27:32.0293 0x12d0 KSN ping started 12:27:35.0037 0x12d0 KSN ping finished: true 12:27:36.0006 0x12d0 ================ Scan system memory ======================== 12:27:36.0006 0x12d0 System memory - ok 12:27:36.0007 0x12d0 ================ Scan services =============================
0x12d0 btwdins - ok 12:27:41.0300 0x12d0 [ B1ACFD00CDD13B48D86F46BFEC153BF9, CD7BE27D93364735511CC714B85CB7D97E21E84E3C2361EC405BADAAEA550925 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 12:27:41.0309 0x12d0 btwl2cap - ok 12:27:41.0315 0x12d0 [ EDD953D635F3AA89EF902E3F82D60D22, 22A60B225A1AD0F25B9715338C805FED9D5F4BCAC296BBC0D045C6935BDA55E7 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 12:27:41.0324 0x12d0 btwrchid - ok 12:27:41.0349 0x12d0 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:27:41.0387 0x12d0 cdfs - ok 12:27:41.0421 0x12d0 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 12:27:41.0433 0x12d0 cdrom - ok 12:27:41.0451 0x12d0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 12:27:41.0488 0x12d0 CertPropSvc - ok 12:27:41.0511 0x12d0 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 12:27:41.0535 0x12d0 circlass - ok 12:27:41.0573 0x12d0 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 12:27:41.0597 0x12d0 CLFS - ok 12:27:41.0670 0x12d0 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:27:41.0689 0x12d0 clr_optimization_v2.0.50727_32 - ok 12:27:41.0729 0x12d0 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:27:41.0744 0x12d0 clr_optimization_v2.0.50727_64 - ok 12:27:41.0816 
0x12d0 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:27:41.0841 0x12d0 clr_optimization_v4.0.30319_32 - ok 12:27:41.0855 0x12d0 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:27:41.0955 0x12d0 clr_optimization_v4.0.30319_64 - ok 12:27:41.0981 0x12d0 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 12:27:42.0000 0x12d0 CmBatt - ok 12:27:42.0023 0x12d0 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 12:27:42.0034 0x12d0 cmdide - ok 12:27:42.0067 0x12d0 [ 4566E7FEA8C966648DFC34FE9953653E, CEFF85D84529F8EFE119ECC8E521B854A4A30F30F4212B30AE8B577F41682576 ] CNG C:\Windows\system32\Drivers\cng.sys 12:27:42.0098 0x12d0 CNG - ok 12:27:42.0113 0x12d0 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 12:27:42.0123 0x12d0 Compbatt - ok 12:27:42.0137 0x12d0 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 12:27:42.0160 0x12d0 CompositeBus - ok 12:27:42.0164 0x12d0 COMSysApp - ok 12:27:42.0176 0x12d0 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 12:27:42.0188 0x12d0 crcdisk - ok 12:27:42.0236 0x12d0 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:27:42.0279 0x12d0 CryptSvc - 
ok 12:27:42.0322 0x12d0 [ 225EFEE8960E554F3AB9A4A91790C039, A203583BECB4FE11300AF6B069D36632306AD0E7024618E5703392631C0A42A9 ] DcomLaunch C:\Windows\system32\rpcss.dll 12:27:42.0388 0x12d0 DcomLaunch - ok 12:27:42.0424 0x12d0 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 12:27:42.0466 0x12d0 defragsvc - ok 12:27:42.0485 0x12d0 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:27:42.0520 0x12d0 DfsC - ok 12:27:42.0578 0x12d0 [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 12:27:42.0612 0x12d0 dg_ssudbus - ok 12:27:42.0659 0x12d0 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 12:27:42.0711 0x12d0 Dhcp - ok 12:27:42.0834 0x12d0 [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack C:\Windows\system32\diagtrack.dll 12:27:42.0900 0x12d0 DiagTrack - ok 12:27:42.0937 0x12d0 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 12:27:42.0995 0x12d0 discache - ok 12:27:43.0014 0x12d0 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 12:27:43.0028 0x12d0 Disk - ok 12:27:43.0047 0x12d0 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:27:43.0094 0x12d0 Dnscache - ok 12:27:43.0122 0x12d0 [ DD5038774EDF647E0D9F4220B1ADE6FC, 7256B9D27236F750C440B8BA9482E4FA77832241540C9D957486BEC0B9AC0D2A ] dot3svc C:\Windows\System32\dot3svc.dll 12:27:43.0141 
0x12d0 dot3svc - ok 12:27:43.0158 0x12d0 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 12:27:43.0197 0x12d0 DPS - ok 12:27:43.0232 0x12d0 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:27:43.0259 0x12d0 drmkaud - ok 12:27:43.0319 0x12d0 [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 12:27:43.0351 0x12d0 dtsoftbus01 - ok 12:27:43.0411 0x12d0 [ F59E2FE2687A5C30598F9099F318EB73, 80A0B1CC758BD3C4AEAB8E5804120D8A145F918B527F41DEF02A0E4EBE170F37 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:27:43.0445 0x12d0 DXGKrnl - ok 12:27:43.0474 0x12d0 EagleX64 - ok 12:27:43.0484 0x12d0 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 12:27:43.0516 0x12d0 EapHost - ok 12:27:43.0536 0x12d0 EasyAntiCheat - ok 12:27:43.0649 0x12d0 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 12:27:43.0799 0x12d0 ebdrv - ok 12:27:43.0836 0x12d0 [ D52C700254E7FBD9BF6D817BA7BA5309, A62A34391AF50B69DE46FE0DF7E79C0E45391B9AD8D99EB83F725E187A7CADAC ] EFS C:\Windows\System32\lsass.exe 12:27:43.0871 0x12d0 EFS - ok 12:27:43.0933 0x12d0 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 12:27:43.0986 0x12d0 ehRecvr - ok 12:27:44.0005 0x12d0 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 12:27:44.0018 0x12d0 ehSched - ok 12:27:44.0042 0x12d0 [ 0E5DA5369A0FCAEA12456DD852545184, 
9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 12:27:44.0064 0x12d0 elxstor - ok 12:27:44.0080 0x12d0 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 12:27:44.0122 0x12d0 ErrDev - ok 12:27:44.0181 0x12d0 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 12:27:44.0232 0x12d0 EventSystem - ok 12:27:44.0256 0x12d0 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 12:27:44.0294 0x12d0 exfat - ok 12:27:44.0310 0x12d0 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:27:44.0340 0x12d0 fastfat - ok 12:27:44.0379 0x12d0 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 12:27:44.0423 0x12d0 Fax - ok 12:27:44.0440 0x12d0 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 12:27:44.0451 0x12d0 fdc - ok 12:27:44.0475 0x12d0 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 12:27:44.0513 0x12d0 fdPHost - ok 12:27:44.0528 0x12d0 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 12:27:44.0570 0x12d0 FDResPub - ok 12:27:44.0589 0x12d0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:27:44.0600 0x12d0 FileInfo - ok 12:27:44.0608 0x12d0 [ 
5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:27:44.0650 0x12d0 Filetrace - ok 12:27:44.0661 0x12d0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 12:27:44.0686 0x12d0 flpydisk - ok 12:27:44.0697 0x12d0 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:27:44.0712 0x12d0 FltMgr - ok 12:27:44.0815 0x12d0 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 12:27:44.0905 0x12d0 FontCache - ok 12:27:44.0946 0x12d0 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:27:44.0955 0x12d0 FontCache3.0.0.0 - ok 12:27:45.0070 0x12d0 [ DB557F4BB4E08E340D1C8B764602C4ED, 9D352D215C0131FB5E87DB6B00EBA4CAE5831D8444B01F11468F2D37B412D146 ] FoxitCloudUpdateService C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe 12:27:45.0087 0x12d0 FoxitCloudUpdateService - ok 12:27:45.0097 0x12d0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 12:27:45.0107 0x12d0 FsDepends - ok 12:27:45.0136 0x12d0 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:27:45.0149 0x12d0 Fs_Rec - ok 12:27:45.0203 0x12d0 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 12:27:45.0219 0x12d0 fvevol - ok 12:27:45.0229 0x12d0 [ 
8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 12:27:45.0240 0x12d0 gagp30kx - ok 12:27:45.0275 0x12d0 [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12:27:45.0283 0x12d0 GEARAspiWDM - ok 12:27:45.0316 0x12d0 [ 16C2A6BCDDA8952C2035DEC861492A19, 9023CD3A2C1009786A48EF7FBCC97ED1724C836279424A4D465CCE1AFA2DBDDA ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys 12:27:45.0324 0x12d0 ggflt - ok 12:27:45.0339 0x12d0 [ 6B503DF845EABF3457E49FBBDA26C10E, A1553E3822EDEA26D8E67FCC7F9EA40DFBED49EC92FD5674AAF938F2D58CF964 ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys 12:27:45.0348 0x12d0 ggsemc - ok 12:27:45.0381 0x12d0 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 12:27:45.0446 0x12d0 gpsvc - ok 12:27:45.0488 0x12d0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:27:45.0520 0x12d0 gupdate - ok 12:27:45.0526 0x12d0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:27:45.0538 0x12d0 gupdatem - ok 12:27:45.0586 0x12d0 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 12:27:45.0598 0x12d0 hamachi - ok 12:27:45.0617 0x12d0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:27:45.0661 0x12d0 hcw85cir - ok 12:27:45.0694 0x12d0 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService 
C:\Windows\system32\drivers\HdAudio.sys 12:27:45.0733 0x12d0 HdAudAddService - ok 12:27:45.0755 0x12d0 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 12:27:45.0789 0x12d0 HDAudBus - ok 12:27:45.0805 0x12d0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 12:27:45.0817 0x12d0 HidBatt - ok 12:27:45.0847 0x12d0 [ D6CD30C653887C5BE6DA0B914998C0B5, E608B39A55750B5648501EE83BB067A0DDE0F3BA6A2471D589F5E5271A8D7B1E ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 12:27:45.0869 0x12d0 HidBth - ok 12:27:45.0905 0x12d0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 12:27:45.0920 0x12d0 HidIr - ok 12:27:45.0925 0x12d0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 12:27:45.0968 0x12d0 hidserv - ok 12:27:45.0991 0x12d0 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 12:27:46.0011 0x12d0 HidUsb - ok 12:27:46.0102 0x12d0 [ 85A8488737454E4A3EC4772FD09B8E1A, 58E4A7030603B9803FE2998DAC7C0624453641E8D7F481C41006710EA8BE02CD ] HiPatchService D:\GameDIR\SMITE\HiPatchService.exe 12:27:46.0121 0x12d0 HiPatchService - detected UnsignedFile.Multi.Generic ( 1 ) 12:27:48.0926 0x12d0 HiPatchService ( UnsignedFile.Multi.Generic ) - warning 12:27:51.0616 0x12d0 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:27:51.0653 0x12d0 hkmsvc - ok 12:27:51.0677 0x12d0 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener 
C:\Windows\system32\ListSvc.dll 12:27:51.0716 0x12d0 HomeGroupListener - ok 12:27:51.0733 0x12d0 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:27:51.0758 0x12d0 HomeGroupProvider - ok 12:27:51.0783 0x12d0 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 12:27:51.0793 0x12d0 HpSAMD - ok 12:27:51.0885 0x12d0 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:27:51.0960 0x12d0 HTTP - ok 12:27:51.0977 0x12d0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:27:51.0987 0x12d0 hwpolicy - ok 12:27:52.0003 0x12d0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 12:27:52.0015 0x12d0 i8042prt - ok 12:27:52.0197 0x12d0 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:27:52.0263 0x12d0 iaStorV - ok 12:27:52.0357 0x12d0 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:27:52.0389 0x12d0 idsvc - ok 12:27:52.0422 0x12d0 IEEtwCollectorService - ok 12:27:52.0432 0x12d0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 12:27:52.0442 0x12d0 iirsp - ok 12:27:52.0492 0x12d0 [ 1E2A51DB8B28CD431D2B5C76A71AAEE3, A356E381C155DF7D3E905696D63A652D1C01D524B6B866C2288ECC5F3B3D4AB9 ] IKEEXT C:\Windows\System32\ikeext.dll 12:27:52.0533 0x12d0 
IKEEXT - ok 12:27:52.0567 0x12d0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 12:27:52.0576 0x12d0 intelide - ok 12:27:52.0598 0x12d0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys 12:27:52.0623 0x12d0 intelppm - ok 12:27:52.0646 0x12d0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:27:52.0687 0x12d0 IPBusEnum - ok 12:27:52.0704 0x12d0 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:27:52.0744 0x12d0 IpFilterDriver - ok 12:27:52.0841 0x12d0 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:27:52.0891 0x12d0 iphlpsvc - ok 12:27:52.0911 0x12d0 [ E277572E61604D174CFBCFCCEAFA9591, A4B1DA0D62424A043A1490C65D61A091919D9D6B03702F0E3FCA73D3D0B882FA ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:27:52.0942 0x12d0 IPMIDRV - ok 12:27:52.0954 0x12d0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:27:52.0984 0x12d0 IPNAT - ok 12:27:53.0000 0x12d0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:27:53.0025 0x12d0 IRENUM - ok 12:27:53.0040 0x12d0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:27:53.0050 0x12d0 isapnp - ok 12:27:53.0071 0x12d0 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] 
iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:27:53.0085 0x12d0 iScsiPrt - ok 12:27:53.0095 0x12d0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 12:27:53.0106 0x12d0 kbdclass - ok 12:27:53.0115 0x12d0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 12:27:53.0136 0x12d0 kbdhid - ok 12:27:53.0151 0x12d0 [ D52C700254E7FBD9BF6D817BA7BA5309, A62A34391AF50B69DE46FE0DF7E79C0E45391B9AD8D99EB83F725E187A7CADAC ] KeyIso C:\Windows\system32\lsass.exe 12:27:53.0161 0x12d0 KeyIso - ok 12:27:53.0172 0x12d0 KMService - ok 12:27:53.0203 0x12d0 [ BBF27F6B5E7F5676A085B3065FB5C512, CFA9FD7BEBDDF4AA5D5381A02EC93FC726D85A8C2376A612DC119A48C6C780E6 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:27:53.0214 0x12d0 KSecDD - ok 12:27:53.0234 0x12d0 [ 939B29DD43E813E75DBC21B409C26142, 29A90EB54B001688963E01D9F971CABBC4A6C2411A3D18B4626DA77B92B7DAEE ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:27:53.0247 0x12d0 KSecPkg - ok 12:27:53.0261 0x12d0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 12:27:53.0289 0x12d0 ksthunk - ok 12:27:53.0311 0x12d0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 12:27:53.0347 0x12d0 KtmRm - ok 12:27:53.0371 0x12d0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 12:27:53.0403 0x12d0 LanmanServer - ok 12:27:53.0429 0x12d0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:27:53.0471 0x12d0 LanmanWorkstation - ok 12:27:53.0490 0x12d0 [ 
1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:27:53.0531 0x12d0 lltdio - ok 12:27:53.0553 0x12d0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:27:53.0594 0x12d0 lltdsvc - ok 12:27:53.0610 0x12d0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:27:53.0658 0x12d0 lmhosts - ok 12:27:53.0689 0x12d0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 12:27:53.0701 0x12d0 LSI_FC - ok 12:27:53.0716 0x12d0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 12:27:53.0728 0x12d0 LSI_SAS - ok 12:27:53.0736 0x12d0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 12:27:53.0746 0x12d0 LSI_SAS2 - ok 12:27:53.0760 0x12d0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 12:27:53.0772 0x12d0 LSI_SCSI - ok 12:27:53.0799 0x12d0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 12:27:53.0844 0x12d0 luafv - ok 12:27:53.0893 0x12d0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:27:53.0905 0x12d0 Mcx2Svc - ok 12:27:53.0920 0x12d0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 12:27:53.0930 0x12d0 
megasas - ok 12:27:53.0946 0x12d0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 12:27:53.0961 0x12d0 MegaSR - ok 12:27:54.0141 0x12d0 Microsoft SharePoint Workspace Audit Service - ok 12:27:54.0194 0x12d0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 12:27:54.0257 0x12d0 MMCSS - ok 12:27:54.0286 0x12d0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 12:27:54.0312 0x12d0 Modem - ok 12:27:54.0331 0x12d0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:27:54.0342 0x12d0 monitor - ok 12:27:54.0369 0x12d0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:27:54.0381 0x12d0 mouclass - ok 12:27:54.0399 0x12d0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:27:54.0419 0x12d0 mouhid - ok 12:27:54.0503 0x12d0 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:27:54.0522 0x12d0 mountmgr - ok 12:27:54.0626 0x12d0 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 12:27:54.0650 0x12d0 MozillaMaintenance - ok 12:27:54.0689 0x12d0 [ D034667EE98E06ECE149E3C36A4998E1, 1C29FDB149A3537C40F80C856EF4FFFBE43957459C13AE4C7C166B7354C2B425 ] mpio C:\Windows\system32\drivers\mpio.sys 12:27:54.0712 0x12d0 mpio - ok 12:27:54.0728 0x12d0 [ 
3D62DE27027B8C032D15EB74F97A14B4EC24E67052C1163862740D6312B2569B ] usbser C:\Windows\system32\drivers\usbser.sys 12:28:11.0517 0x12d0 usbser - ok 12:28:11.0541 0x12d0 [ 36106AC439EDFBB7B8BDBF99079C7590, C4BD9EA1FFB4D2521FB06318E2C57E1A72FBF4C848482B04D3A89CECE3864B01 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:28:11.0564 0x12d0 USBSTOR - ok 12:28:11.0572 0x12d0 [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 12:28:11.0580 0x12d0 usbuhci - ok 12:28:11.0595 0x12d0 usj - ok 12:28:11.0603 0x12d0 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 12:28:11.0634 0x12d0 UxSms - ok 12:28:11.0650 0x12d0 [ D52C700254E7FBD9BF6D817BA7BA5309, A62A34391AF50B69DE46FE0DF7E79C0E45391B9AD8D99EB83F725E187A7CADAC ] VaultSvc C:\Windows\system32\lsass.exe 12:28:11.0658 0x12d0 VaultSvc - ok 12:28:11.0681 0x12d0 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 12:28:11.0689 0x12d0 vdrvroot - ok 12:28:11.0705 0x12d0 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 12:28:11.0744 0x12d0 vds - ok 12:28:11.0845 0x12d0 [ 13F3E4ECED43B5BFE003CB83CBF09796, 1927FB04D332FAF9BC7BC8CA558BB7C0B9576146C3C1DED6E49C77708E1C465F ] Verifies software is compatible C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 12:28:11.0869 0x12d0 Verifies software is compatible - detected UnsignedFile.Multi.Generic ( 1 ) 12:28:15.0900 0x12d0 Verifies software is compatible ( UnsignedFile.Multi.Generic ) - warning 12:28:18.0619 0x12d0 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:28:18.0642 0x12d0 vga - ok 
12:28:18.0658 0x12d0 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 12:28:18.0705 0x12d0 VgaSave - ok 12:28:18.0720 0x12d0 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 12:28:18.0736 0x12d0 vhdmp - ok 12:28:18.0814 0x12d0 [ D117DF27AA58550BEF9E28120ED78A47, 6972195E2CC84995D15D351601618396F3A5D84049BC6218817C3A1CDDF43FC4 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 12:28:18.0892 0x12d0 VIAHdAudAddService - ok 12:28:18.0916 0x12d0 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 12:28:18.0923 0x12d0 viaide - ok 12:28:18.0947 0x12d0 [ 6B34F3220E4AE5D77BD42CEA94EB3892, 6BBED3FBD52935B0ECEA3A9B5B0A4B44214636840AE1EBB65AE1089B3F0C0500 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe 12:28:18.0955 0x12d0 VIAKaraokeService - ok 12:28:18.0970 0x12d0 [ 071E1B172D49154EE1D23A2ACC472EFB, 2E75ECE68F911F1FB0E8BEEFD8C7B8F794164335E1A1F2CE5D14126C9445BB7C ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:28:18.0986 0x12d0 volmgr - ok 12:28:18.0994 0x12d0 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:28:19.0009 0x12d0 volmgrx - ok 12:28:19.0025 0x12d0 [ 879CE6AEA3FE874AD4C500B6B6198EB0, 1512BF4AA5ECCEC7EF209B5D64801D24EF7E788DAE206CC1B5BCE47BAA2473C2 ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:28:19.0041 0x12d0 volsnap - ok 12:28:19.0041 0x12d0 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 12:28:19.0056 0x12d0 vsmraid - ok 12:28:19.0166 0x12d0 [ B60BA0BC31B0CB414593E169F6F21CC2, 
47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 12:28:19.0236 0x12d0 VSS - ok 12:28:19.0259 0x12d0 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 12:28:19.0298 0x12d0 vwifibus - ok 12:28:19.0345 0x12d0 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 12:28:19.0423 0x12d0 W32Time - ok 12:28:19.0431 0x12d0 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 12:28:19.0455 0x12d0 WacomPen - ok 12:28:19.0478 0x12d0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 12:28:19.0556 0x12d0 WANARP - ok 12:28:19.0572 0x12d0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:28:19.0603 0x12d0 Wanarpv6 - ok 12:28:19.0642 0x12d0 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 12:28:19.0705 0x12d0 wbengine - ok 12:28:19.0728 0x12d0 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 12:28:19.0744 0x12d0 WbioSrvc - ok 12:28:19.0759 0x12d0 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:28:19.0791 0x12d0 wcncsvc - ok 12:28:19.0814 0x12d0 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:28:19.0845 0x12d0 WcsPlugInService - ok 12:28:19.0853 
0x12d0 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 12:28:19.0861 0x12d0 Wd - ok 12:28:19.0908 0x12d0 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:28:19.0931 0x12d0 Wdf01000 - ok 12:28:19.0955 0x12d0 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:28:19.0970 0x12d0 WdiServiceHost - ok 12:28:19.0978 0x12d0 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:28:19.0986 0x12d0 WdiSystemHost - ok 12:28:20.0017 0x12d0 [ C1EAE0C20DFC3E193BC1B2701CA6B333, C6BEC998FE4A11F0600C613E6ECEAD9604510B73F3FB4EAF27B5974A6F1D9FA6 ] WebClient C:\Windows\System32\webclnt.dll 12:28:20.0041 0x12d0 WebClient - ok 12:28:20.0056 0x12d0 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:28:20.0087 0x12d0 Wecsvc - ok 12:28:20.0095 0x12d0 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:28:20.0126 0x12d0 wercplsupport - ok 12:28:20.0150 0x12d0 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 12:28:20.0189 0x12d0 WerSvc - ok 12:28:20.0205 0x12d0 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 12:28:20.0228 0x12d0 WfpLwf - ok 12:28:20.0251 0x12d0 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 12:28:20.0259 
0x12d0 WIMMount - ok 12:28:20.0314 0x12d0 WinDefend - ok 12:28:20.0322 0x12d0 WinHttpAutoProxySvc - ok 12:28:20.0384 0x12d0 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:28:20.0439 0x12d0 Winmgmt - ok 12:28:20.0611 0x12d0 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 12:28:20.0689 0x12d0 WinRM - ok 12:28:20.0751 0x12d0 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 12:28:20.0783 0x12d0 WinUsb - ok 12:28:20.0830 0x12d0 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 12:28:20.0869 0x12d0 Wlansvc - ok 12:28:21.0048 0x12d0 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:28:21.0095 0x12d0 wlidsvc - ok 12:28:21.0119 0x12d0 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 12:28:21.0142 0x12d0 WmiAcpi - ok 12:28:21.0166 0x12d0 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:28:21.0181 0x12d0 wmiApSrv - ok 12:28:21.0189 0x12d0 WMPNetworkSvc - ok 12:28:21.0205 0x12d0 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:28:21.0220 0x12d0 WPCSvc - ok 12:28:21.0228 0x12d0 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:28:21.0259 0x12d0 WPDBusEnum - ok 
12:28:21.0275 0x12d0 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:28:21.0298 0x12d0 ws2ifsl - ok 12:28:21.0337 0x12d0 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 12:28:21.0345 0x12d0 wscsvc - ok 12:28:21.0353 0x12d0 WSearch - ok 12:28:21.0478 0x12d0 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll 12:28:21.0572 0x12d0 wuauserv - ok 12:28:21.0603 0x12d0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:28:21.0642 0x12d0 WudfPf - ok 12:28:21.0689 0x12d0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys 12:28:21.0712 0x12d0 WUDFRd - ok 12:28:21.0744 0x12d0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:28:21.0759 0x12d0 wudfsvc - ok 12:28:21.0806 0x12d0 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 12:28:21.0853 0x12d0 WwanSvc - ok 12:28:21.0876 0x12d0 xhunter1 - ok 12:28:21.0955 0x12d0 [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys 12:28:22.0001 0x12d0 xnacc - ok 12:28:22.0025 0x12d0 [ 38F55D07B1D3391065C40EC065F984E2, 056F5E3034C4C11403D74F44A364964A3A5945608DAE2A03EF025A22F5C31B26 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 12:28:22.0048 0x12d0 xusb21 - ok 12:28:22.0056 0x12d0 ================ Scan global =============================== 12:28:22.0064 0x12d0 [ 
BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 12:28:22.0119 0x12d0 [ 4A7726EC105064BB6614A402F25D3913, 6F02584088794CCAAABE858F0F84B1FA85C550088AABEE8CDD0EAD921048A2E0 ] C:\Windows\system32\winsrv.dll 12:28:22.0150 0x12d0 [ 4A7726EC105064BB6614A402F25D3913, 6F02584088794CCAAABE858F0F84B1FA85C550088AABEE8CDD0EAD921048A2E0 ] C:\Windows\system32\winsrv.dll 12:28:22.0181 0x12d0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 12:28:22.0228 0x12d0 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 12:28:22.0236 0x12d0 [ Global ] - ok 12:28:22.0236 0x12d0 ================ Scan MBR ================================== 12:28:22.0251 0x12d0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 12:28:22.0478 0x12d0 \Device\Harddisk0\DR0 - ok 12:28:22.0478 0x12d0 [ A0A1FCC79FB02A8A97592445656EF85B ] \Device\Harddisk1\DR1 12:28:25.0580 0x12d0 \Device\Harddisk1\DR1 - ok 12:28:25.0580 0x12d0 ================ Scan VBR ================================== 12:28:25.0587 0x12d0 [ BA967657017F590E1A02F0DDF7A0AA59 ] \Device\Harddisk0\DR0\Partition1 12:28:25.0650 0x12d0 \Device\Harddisk0\DR0\Partition1 - ok 12:28:25.0650 0x12d0 [ CD4A41D8C8654946230FB2AF765A7CE1 ] \Device\Harddisk0\DR0\Partition2 12:28:25.0705 0x12d0 \Device\Harddisk0\DR0\Partition2 - ok 12:28:25.0712 0x12d0 [ DE377145F2DCE859D16689A2FB6B13B5 ] \Device\Harddisk0\DR0\Partition3 12:28:25.0767 0x12d0 \Device\Harddisk0\DR0\Partition3 - ok 12:28:25.0775 0x12d0 ================ Scan generic autorun ====================== 12:28:25.0876 0x12d0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 12:28:25.0947 0x12d0 Sidebar - ok 12:28:25.0970 0x12d0 [ 
0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 12:28:25.0986 0x12d0 mctadmin - ok 12:28:26.0033 0x12d0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 12:28:26.0064 0x12d0 Sidebar - ok 12:28:26.0064 0x12d0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 12:28:26.0080 0x12d0 mctadmin - ok 12:28:26.0142 0x12d0 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe 12:28:26.0212 0x12d0 Sidebar - ok 12:28:26.0244 0x12d0 [ 73430E79D6DF4DE9055E2A7742B881D3, AB067341A3B647FD7273FB1146BB9355AE53ACBD259FC061DF82399A5C185775 ] C:\Program Files (x86)\QuickTime\QTTask.exe 12:28:26.0267 0x12d0 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 12:28:29.0009 0x12d0 Detect skipped due to KSN trusted 12:28:29.0009 0x12d0 QuickTime Task - ok 12:28:29.0166 0x12d0 [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe 12:28:29.0314 0x12d0 DAEMON Tools Lite - ok 12:28:29.0322 0x12d0 Waiting for KSN requests completion. In queue: 6 12:28:30.0322 0x12d0 Waiting for KSN requests completion. In queue: 6 12:28:31.0322 0x12d0 Waiting for KSN requests completion. 
In queue: 6
12:28:32.0353 0x12d0 AV detected via SS2: Sophos Anti-Virus, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.3.6.0 ), 0x50000 ( disabled : updated )
12:28:32.0361 0x12d0 Win FW state via NFP2: enabled
12:28:35.0048 0x12d0 ============================================================
12:28:35.0048 0x12d0 Scan finished
12:28:35.0048 0x12d0 ============================================================
12:28:35.0064 0x1230 Detected object count: 2
12:28:35.0064 0x1230 Actual detected object count: 2
12:28:51.0056 0x1230 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
12:28:51.0056 0x1230 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:28:51.0056 0x1230 Verifies software is compatible ( UnsignedFile.Multi.Generic ) - skipped by user
12:28:51.0056 0x1230 Verifies software is compatible ( UnsignedFile.Multi.Generic ) - User select action: Skip
Last edited by SepZis (29.05.2015 at 11:29) |
30.05.2015, 08:54 | #6 |
/// the machine /// TB-Ausbilder | Compatiybilitycheck.exe hi, scan with Combofix |
30.05.2015, 13:01 | #7 |
| Compatiybilitycheck.exe So, here you go. It complained about Spybot supposedly still running, but all the relevant tasks had actually been ended. Combofix log Code:
ATTFilter ComboFix 15-05-28.01 - Nutzer 30.05.2015 13:48:26.1.6 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2145 [GMT 2:00] ausgeführt von:: c:\users\Nutzer\Desktop\ComboFix.exe AV: Sophos Anti-Virus *Disabled/Updated* {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29} SP: Sophos Anti-Virus *Disabled/Updated* {D0CA1913-188C-B293-ABD7-B72CB1814094} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Nutzer\AppData\Roaming\AcroIEHelpe.txt c:\users\Nutzer\AppData\Roaming\chrtmp c:\users\Nutzer\AppData\Roaming\Microsoft\Windows\.data c:\users\Nutzer\AppData\Roaming\poclbm c:\users\Nutzer\AppData\Roaming\poclbm\poclbm.ini c:\users\Nutzer\ecm.exe c:\users\Nutzer\unecm.exe c:\windows\IsUn0407.exe c:\windows\iun6002.exe c:\windows\SysWow64\SET911D.tmp c:\windows\SysWow64\SETD6F.tmp c:\windows\SysWow64\tmpA086.tmp c:\windows\SysWow64\tmpABE1.tmp c:\windows\SysWow64\tmpCB1E.tmp c:\windows\SysWow64\tmpCB1F.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2015-04-28 bis 2015-05-30 )))))))))))))))))))))))))))))) . . 2015-05-30 11:54 . 2015-05-30 11:54 -------- d-----w- c:\users\Helena\AppData\Local\temp 2015-05-30 11:54 . 2015-05-30 11:54 -------- d-----w- c:\users\hedev\AppData\Local\temp 2015-05-30 11:54 . 2015-05-30 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-05-30 11:52 . 2015-05-30 11:52 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B59AED3-3147-433C-A305-BE5791179C08}\offreg.4024.dll 2015-05-30 11:21 . 2015-05-18 02:57 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B59AED3-3147-433C-A305-BE5791179C08}\mpengine.dll 2015-05-29 13:12 . 2010-08-21 00:53 86016 ----a-w- c:\windows\SysWow64\mtSplitter.ocx 2015-05-29 13:12 . 
2010-06-01 17:45 1005088 ----a-w- c:\windows\SysWow64\TList8.ocx 2015-05-29 13:12 . 2010-03-25 13:33 171752 ----a-w- c:\windows\SysWow64\mtRTF2.ocx 2015-05-29 13:12 . 2009-10-13 03:02 44736 ----a-w- c:\windows\SysWow64\mtSubclass.dll 2015-05-29 13:12 . 2015-05-29 13:13 -------- d-----w- c:\users\Nutzer\AppData\Roaming\GetFoldersize 2015-05-29 13:12 . 2015-05-29 13:12 -------- d-----w- c:\program files (x86)\GetFoldersize 2015-05-29 13:12 . 2010-10-13 09:42 2369456 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx 2015-05-29 09:47 . 2015-05-29 09:47 -------- d-----w- c:\programdata\Malwarebytes 2015-05-29 09:46 . 2015-05-30 10:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-05-29 09:46 . 2015-05-29 10:09 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-05-29 09:45 . 2015-05-29 10:09 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-05-28 11:43 . 2015-05-28 11:51 -------- d-----w- C:\FRST 2015-05-27 15:08 . 2015-05-27 15:08 -------- d-----w- C:\RegBackup 2015-05-24 11:12 . 2015-05-27 14:44 -------- d-----w- C:\AdwCleaner 2015-05-18 05:55 . 2015-05-18 05:55 -------- d-----w- c:\windows\SysWow64\%LOCALAPPDATA% 2015-05-16 11:27 . 2015-05-30 10:24 -------- d-----w- c:\users\Default\AppData\Roaming\Compatibility Verifier 2015-05-16 11:27 . 2015-05-16 11:27 -------- d-----w- c:\users\Default\AppData\Local\Programs 2015-05-16 11:11 . 2015-05-16 11:11 -------- d-----w- C:\DAEMON Tools Lite 2015-05-13 14:46 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:46 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 10:23 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe 2015-05-13 10:22 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2015-05-13 10:22 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe 2015-05-13 10:22 . 
2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll 2015-05-13 10:22 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll 2015-05-13 10:22 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll 2015-05-13 10:22 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll 2015-05-13 10:22 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe 2015-05-13 10:22 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll 2015-05-13 10:22 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe 2015-05-07 14:03 . 2015-05-07 14:00 35624 ----a-w- c:\windows\system32\SophosBootTasks.exe 2015-05-07 14:03 . 2015-05-07 14:03 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems 2015-05-07 14:01 . 2015-05-07 14:01 38144 ----a-w- c:\windows\system32\drivers\sdcfilter.sys 2015-05-07 14:01 . 2015-05-07 14:01 27904 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys 2015-05-07 14:00 . 2015-05-07 14:00 176120 ----a-w- c:\windows\system32\sdccoinstaller.dll 2015-05-07 14:00 . 2015-05-07 14:00 158976 ----a-w- c:\windows\system32\drivers\savonaccess.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-05-13 14:52 . 2011-08-06 11:21 140425016 ----a-w- c:\windows\system32\MRT.exe 2015-04-27 18:55 . 2015-05-13 10:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-04-15 11:31 . 2012-03-30 08:48 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-04-15 11:31 . 2011-08-06 12:22 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-04-15 11:31 . 2015-04-15 10:31 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2015-04-14 01:38 . 2015-04-14 01:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL 2015-03-25 03:24 . 2015-04-15 08:58 98304 ----a-w- c:\windows\system32\wudriver.dll 2015-03-25 03:24 . 2015-04-15 08:58 37376 ----a-w- c:\windows\system32\wups2.dll 2015-03-25 03:24 . 
2015-04-15 08:58 35328 ----a-w- c:\windows\system32\wups.dll 2015-03-25 03:24 . 2015-04-15 08:58 3298816 ----a-w- c:\windows\system32\wucltux.dll 2015-03-25 03:24 . 2015-04-15 08:58 2553856 ----a-w- c:\windows\system32\wuaueng.dll 2015-03-25 03:24 . 2015-04-15 08:58 191488 ----a-w- c:\windows\system32\wuwebv.dll 2015-03-25 03:24 . 2015-04-15 08:58 696320 ----a-w- c:\windows\system32\wuapi.dll 2015-03-25 03:24 . 2015-04-15 08:58 60416 ----a-w- c:\windows\system32\WinSetupUI.dll 2015-03-25 03:23 . 2015-04-15 08:58 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2015-03-25 03:23 . 2015-04-15 08:58 36864 ----a-w- c:\windows\system32\wuapp.exe 2015-03-25 03:23 . 2015-04-15 08:58 135168 ----a-w- c:\windows\system32\wuauclt.exe 2015-03-25 03:00 . 2015-04-15 08:58 92672 ----a-w- c:\windows\SysWow64\wudriver.dll 2015-03-25 03:00 . 2015-04-15 08:58 566784 ----a-w- c:\windows\SysWow64\wuapi.dll 2015-03-25 03:00 . 2015-04-15 08:58 29696 ----a-w- c:\windows\SysWow64\wups.dll 2015-03-25 03:00 . 2015-04-15 08:58 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll 2015-03-25 03:00 . 2015-04-15 08:58 33792 ----a-w- c:\windows\SysWow64\wuapp.exe 2015-03-23 03:25 . 2015-04-15 08:58 726528 ----a-w- c:\windows\system32\generaltel.dll 2015-03-23 03:25 . 2015-04-15 08:58 769536 ----a-w- c:\windows\system32\invagent.dll 2015-03-23 03:24 . 2015-04-15 08:58 419840 ----a-w- c:\windows\system32\devinv.dll 2015-03-23 03:24 . 2015-04-15 08:58 957952 ----a-w- c:\windows\system32\appraiser.dll 2015-03-23 03:24 . 2015-04-15 08:58 30720 ----a-w- c:\windows\system32\acmigration.dll 2015-03-23 03:24 . 2015-04-15 08:58 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-03-23 03:24 . 2015-04-15 08:58 192000 ----a-w- c:\windows\system32\aepic.dll 2015-03-23 03:17 . 2015-04-15 08:58 1111552 ----a-w- c:\windows\system32\aeinv.dll 2015-03-20 19:41 . 2015-03-20 19:42 237864 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe 2015-03-10 03:25 . 
2015-04-15 08:58 1882624 ----a-w- c:\windows\system32\msxml3.dll 2015-03-10 03:21 . 2015-04-15 08:58 2048 ----a-w- c:\windows\system32\msxml3r.dll 2015-03-10 03:08 . 2015-04-15 08:58 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll 2015-03-10 03:05 . 2015-04-15 08:58 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2015-03-05 05:12 . 2015-04-15 08:58 404480 ----a-w- c:\windows\system32\gdi32.dll 2015-03-05 04:05 . 2015-04-15 08:58 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2015-03-04 04:55 . 2015-04-15 08:56 367552 ----a-w- c:\windows\system32\clfs.sys 2015-03-04 04:41 . 2015-04-15 08:56 79360 ----a-w- c:\windows\system32\clfsw32.dll 2015-03-04 04:41 . 2015-05-13 10:22 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2015-03-04 04:41 . 2015-05-13 10:22 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2015-03-04 04:10 . 2015-04-15 08:56 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll 2015-03-04 04:10 . 2015-05-13 10:22 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2015-03-04 04:10 . 2015-05-13 10:22 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll 2015-03-04 04:06 . 2015-05-13 10:22 2560 ----a-w- c:\windows\apppatch\AcRes.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-11-06 16:09 223432 ----a-w- c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-11-06 16:09 223432 ----a-w- c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-11-06 16:09 223432 ----a-w- c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2015-05-07 1593640] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="1" "UpdatesDisableNotify"="1" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x] R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x] R2 Verifies software is compatible;Compatibility Check;c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe;c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [x] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 
EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 usj;usj;d:\gamedir\EdenEternal\avital\ussjcs64.sys;d:\gamedir\EdenEternal\avital\ussjcs64.sys [x] R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x] R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL 
Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [x] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\gamedir\SMITE\HiPatchService.exe;d:\gamedir\SMITE\HiPatchService.exe [x] S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x] S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x] S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos 
Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CD5.sys [x] S3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CD5.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-05-26 10:31 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:31] . 2015-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02 18:51] . 2015-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02 18:51] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-11-06 16:09 262344 ----a-w- c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-11-06 16:09 262344 ----a-w- c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-11-06 16:09 262344 ----a-w- c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = mStart Page = mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com IE: ????3?? IE: ????3?????? IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: ????3?? - c:\users\Nutzer\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: ????3?????? 
- c:\users\Nutzer\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Nutzer\AppData\Local\Temp\ie_script.htm LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll Trusted Zone: aeriagames.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - ExtSQL: !HIDDEN! 2012-03-07 17:27; {184AA5E6-741D-464a-820E-94B3ABC2F3B4}; c:\users\Nutzer\AppData\Roaming\10008 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Notify-SDWinLogon - SDWinLogon.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Final Fantasy VII - c:\windows\IsUn0407.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}] @="c:\\Users\\Nutzer\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm" "contexts"=dword:00000022 . [HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c] @="c:\\Users\\Nutzer\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm" "contexts"=dword:000000f3 . [HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:65,77,d9,b2,4e,ca,1d,0c,f4,bc,19,a5,66,d4,26,3b,f4,5c,57,99,65,15,32, 20,08,d1,a9,67,49,d0,c5,a3,26,c1,7f,9d,64,7b,09,cf,4a,11,33,bf,35,48,a9,c8,\ "??"=hex:53,64,42,a7,ea,7b,ae,8d,fa,49,87,7b,0a,cd,1e,88 . 
[HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\SecuROM\License information*] "datasecu"=hex:3f,73,17,da,45,a8,ab,a7,f2,44,80,69,10,e2,db,76,61,01,df,12,4d, 8d,4c,a0,27,ca,30,9d,de,88,51,a8,41,30,a4,81,9d,9d,06,71,75,b2,3f,2b,3b,55,\ "rkeysecu"=hex:f3,d2,e3,92,10,64,af,ea,13,7f,35,17,91,30,db,33 . [HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):22,55,92,21,ad,91,04,4b,3a,71,11,21,27,60,b3,59,54,71,8a,b9,fb, 95,e3,cc,2b,a8,66,f3,65,b2,99,ca,ce,37,11,a3,4d,01,33,6c,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\Wow6432Node\CLSID\{b73d9303-2762-4cfa-a627-e14944f9dcff}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000ae "Therad"=dword:0000001f "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,d0,5e,8c,47,43,d6,d3,fc,41,de,aa,54,ca,98,79,69,12,c6,3e,e2,15,06,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.17" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2015-05-30 13:58:26 ComboFix-quarantined-files.txt 2015-05-30 11:58 . Vor Suchlauf: 23 Verzeichnis(se), 37.700.272.128 Bytes frei Nach Suchlauf: 29 Verzeichnis(se), 37.348.835.328 Bytes frei . - - End Of File - - 0B9D84DD4741CF85DB2DD42936A68768 A36C5E4F47E84449FF07ED3517B43A31 |
31.05.2015, 05:41 | #8 |
/// the machine /// TB-Ausbilder | Compatiybilitycheck.exe Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
31.05.2015, 15:36 | #9 |
| Compatiybilitycheck.exe Unfortunately, Malwarebytes did not produce a usable log, only a log that records my updates. But here is the AdwCleaner log Code:
# AdwCleaner v4.205 - Bericht erstellt 31/05/2015 um 16:32:47
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Nutzer - LUCYNDE
# Gestarted von : C:\Users\Nutzer\Desktop\adwcleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\databases\chrome-extension_lmnbobhffedhdhfpcjkjphcfpeeiocdn_0
Datei Gelöscht : C:\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\lmnbobhffedhdhfpcjkjphcfpeeiocdn

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Mozilla Firefox v38.0.1 (x86 de)

[aipr1e7v.default-1347110546619\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

-\\ Google Chrome v43.0.2357.81

-\\ Chromium v

-\\ Opera v29.0.1795.60

*************************

AdwCleaner[R0].txt - [17850 Bytes] - [24/05/2015 13:12:28]
AdwCleaner[R1].txt - [2212 Bytes] - [27/05/2015 16:34:22]
AdwCleaner[R2].txt - [1866 Bytes] - [31/05/2015 16:28:55]
AdwCleaner[S0].txt - [16416 Bytes] - [24/05/2015 13:13:41]
AdwCleaner[S1].txt - [2298 Bytes] - [27/05/2015 16:44:34]
AdwCleaner[S2].txt - [1682 Bytes] - [31/05/2015 16:32:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1741 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nutzer on 31.05.2015 at 16:36:42,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

[C:\Users\Nutzer\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Nutzer\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Nutzer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Nutzer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: []

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2015 at 16:39:55,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01 Ran by Nutzer (administrator) on LUCYNDE on 31-05-2015 16:42:24 Running from C:\Users\Nutzer\Desktop Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-05-07] (Sophos Limited) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe] Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) 
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-02-06] (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-02-06] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-02-03] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-09-17] (Apple Inc.)
FF Extension: Ghostery - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\firefox@ghostery.com.xpi [2015-01-23]
FF Extension: Video DownloadHelper - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: {c2255ecc-6835-4084-8f2b-08ccd0ac4e73} - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{c2255ecc-6835-4084-8f2b-08ccd0ac4e73}.xpi [2015-03-10]
FF Extension: skype converter - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{cc6cc534-0a92-464a-91be-f27f39fe75fa}.xpi [2015-04-29]
FF Extension: Adblock Plus - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-17]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-26]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-24]
CHR Extension: (YouTube) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-05]
CHR Extension: (Google Search) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Nutzer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-03-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-20] (EasyAntiCheat Ltd)
S2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.)
S2 HiPatchService; D:\GameDIR\SMITE\HiPatchService.exe [9216 2015-02-24] (Hi-Rez Studios) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-07] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-07] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-05-07] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-07] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-07] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-07] (Sophos Limited)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
S2 Verifies software is compatible; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [99496 2015-04-20] () [File not signed]
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-31] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-31] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SaiK0CD5; C:\Windows\System32\DRIVERS\SaiK0CD5.sys [183104 2011-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek)
R3 SaiU0CD5; C:\Windows\System32\DRIVERS\SaiU0CD5.sys [47168 2011-09-20] (Saitek)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-07] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-07] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-07] (Sophos Limited)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-10] (Duplex Secure Ltd.)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 16:42 - 2015-05-31 16:42 - 00021131 _____ () C:\Users\Nutzer\Desktop\FRST.txt
2015-05-31 16:39 - 2015-05-31 16:39 - 00001063 _____ () C:\Users\Nutzer\Desktop\JRT.txt
2015-05-31 16:36 - 2015-05-30 17:05 - 02947635 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT_NEW.exe
2015-05-31 16:11 - 2015-05-31 16:11 - 00000362 _____ () C:\Users\Nutzer\Desktop\mbam.txt
2015-05-31 15:21 - 2015-05-31 15:21 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-31 15:21 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 15:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-31 15:20 - 2015-05-31 15:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nutzer\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-30 13:58 - 2015-05-30 13:58 - 00031498 _____ () C:\ComboFix.txt
2015-05-30 13:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 13:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 13:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 13:39 - 2015-05-30 13:58 - 00000000 ____D () C:\Qoobox
2015-05-30 13:34 - 2015-05-30 13:57 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 13:32 - 2015-05-30 13:32 - 05628678 ____R (Swearware) C:\Users\Nutzer\Desktop\ComboFix.exe
2015-05-29 15:12 - 2015-05-29 15:13 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\GetFoldersize
2015-05-29 15:12 - 2015-05-29 15:12 - 00001078 _____ () C:\Users\Public\Desktop\GetFoldersize.lnk
2015-05-29 15:12 - 2015-05-29 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetFoldersize
2015-05-29 15:12 - 2015-05-29 15:12 - 00000000 ____D () C:\Program Files (x86)\GetFoldersize
2015-05-29 15:12 - 2010-10-13 11:42 - 02369456 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v13.4.2.ocx
2015-05-29 15:12 - 2010-08-21 02:53 - 00086016 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSplitter.ocx
2015-05-29 15:12 - 2010-06-01 19:45 - 01005088 _____ (Bennet-Tec Information Systems, Inc) C:\Windows\SysWOW64\TList8.ocx
2015-05-29 15:12 - 2010-03-25 15:33 - 00171752 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtRTF2.ocx
2015-05-29 15:12 - 2009-10-13 05:02 - 00044736 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSubclass.dll
2015-05-29 11:50 - 2015-05-29 11:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nutzer\Desktop\tdsskiller.exe
2015-05-29 11:47 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-29 11:46 - 2015-05-31 16:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 11:46 - 2015-05-30 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-29 11:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 11:43 - 2015-05-29 12:25 - 00000000 ____D () C:\Users\Nutzer\Desktop\mbar
2015-05-29 11:41 - 2015-05-29 11:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nutzer\Desktop\mbar-1.09.1.1004.exe
2015-05-28 13:43 - 2015-05-31 16:42 - 00000000 ____D () C:\FRST
2015-05-28 13:35 - 2015-05-28 13:35 - 00000188 _____ () C:\Users\Nutzer\defogger_reenable
2015-05-28 13:33 - 2015-05-28 13:33 - 00050477 _____ () C:\Users\Nutzer\Desktop\Defogger.exe
2015-05-28 13:31 - 2015-05-28 13:31 - 02108928 _____ (Farbar) C:\Users\Nutzer\Desktop\FRST64.exe
2015-05-27 20:13 - 2015-05-27 20:13 - 00002104 _____ () C:\Windows\DPINST.LOG
2015-05-27 17:08 - 2015-05-27 17:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCYNDE-Windows-7-Home-Premium-(64-bit).dat
2015-05-27 17:08 - 2015-05-27 17:08 - 00000000 ____D () C:\RegBackup
2015-05-27 17:05 - 2015-05-27 17:05 - 02946603 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT.exe
2015-05-27 16:55 - 2015-05-27 16:57 - 00000000 ____D () C:\Users\Nutzer\Desktop\Games
2015-05-27 16:45 - 2015-05-31 16:21 - 00005342 _____ () C:\Windows\PFRO.log
2015-05-27 16:28 - 2015-05-27 16:29 - 02223104 _____ () C:\Users\Nutzer\Desktop\adwcleaner_4.205.exe
2015-05-26 14:13 - 2015-05-26 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-24 13:12 - 2015-05-31 16:32 - 00000000 ____D () C:\AdwCleaner
2015-05-18 07:55 - 2015-05-18 07:55 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2015-05-17 12:01 - 2015-05-31 16:33 - 00002016 _____ () C:\Windows\setupact.log
2015-05-17 12:01 - 2015-05-17 12:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 13:32 - 2015-05-31 16:31 - 00000112 _____ () C:\ProgramData\QUX80go.dat
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-16 13:27 - 2015-05-31 16:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-05-16 13:27 - 2015-05-31 16:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-05-16 13:11 - 2015-05-16 13:11 - 00000000 ____D () C:\DAEMON Tools Lite
2015-05-13 16:46 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:46 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:24 - 2015-05-05 05:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:24 - 2015-05-05 05:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 12:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:22 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-13 12:23 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:20 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:23 - 2015-04-27 21:20 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-13 12:23 - 2015-04-27 21:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 21:16 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-13 12:23 - 2015-04-27 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:23 - 2015-04-27 21:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03939264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 20:58 - 01311256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00146432 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 12:23 - 2015-04-27 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-05-13 12:23 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 12:23 - 2015-04-27 19:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 12:23 - 2015-04-27 19:54 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\user.exe 2015-05-13 12:23 - 2015-04-27 19:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 19:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 19:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 19:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 12:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 12:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 12:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 12:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 12:23 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 12:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 12:23 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 12:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 12:23 - 2015-03-19 01:39 - 00632984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-05-13 12:23 - 2015-03-19 01:39 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-05-13 12:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 12:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-13 12:22 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 12:22 - 
2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:22 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-07 16:04 - 2015-05-07 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-07 16:03 - 2015-05-07 16:00 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-07 16:01 - 2015-05-07 16:01 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-07 16:01 - 2015-05-07 16:01 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-07 16:00 - 2015-05-07 16:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-07 16:00 - 2015-05-07 16:00 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-31 16:37 - 2011-08-04 07:34 - 01677491 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 16:37 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 16:37 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 16:33 - 2014-07-02 20:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 16:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 16:31 - 2012-03-30 10:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 16:30 - 2014-07-02 20:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 15:20 - 2011-08-17 11:26 - 00000000 ____D () C:\Users\Nutzer\dwhelper
2015-05-30 13:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-30 13:54 - 2011-08-04 07:44 - 00000000 ____D () C:\Users\Nutzer
2015-05-30 13:52 - 2012-06-29 00:35 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-30 13:46 - 2011-08-09 23:39 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\CrashDumps
2015-05-29 15:15 - 2013-07-25 12:15 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\uTorrent
2015-05-29 12:50 - 2010-11-21 08:50 - 00710518 _____ () C:\Windows\system32\perfh007.dat
2015-05-29 12:50 - 2010-11-21 08:50 - 00154848 _____ () C:\Windows\system32\perfc007.dat
2015-05-29 12:50 - 2009-07-14 07:13 - 01651822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 16:28 - 2011-08-07 15:30 - 00007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2015-05-28 15:13 - 2014-08-11 17:37 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Battle.net
2015-05-27 16:45 - 2012-05-26 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-27 14:50 - 2015-04-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-05-26 12:45 - 2013-04-15 15:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-24 13:14 - 2012-05-26 23:29 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-24 13:14 - 2011-08-04 07:45 - 00001004 _____ () C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 12:27 - 2014-06-09 14:14 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1379773154
2015-05-20 12:27 - 2013-09-21 16:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-18 07:25 - 2014-07-02 20:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 07:25 - 2014-07-02 20:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 11:46 - 2014-08-17 23:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-16 13:28 - 2013-12-16 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-14 20:43 - 2011-08-12 20:57 - 00000000 ____D () C:\Users\Nutzer\Documents\My Games
2015-05-14 18:51 - 2013-01-17 15:56 - 00412528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:47 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:04 - 2011-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 17:00 - 2013-07-16 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 16:52 - 2011-08-06 13:21 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 16:46 - 2013-12-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 14:24 - 2014-08-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-11 14:39 - 2015-03-29 15:34 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Songr
2015-05-08 12:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-07 16:05 - 2012-10-04 13:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-07 16:04 - 2012-10-04 13:11 - 00000000 ____D () C:\ProgramData\Sophos

==================== Files in the root of some directories =======

2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res
2011-08-07 15:09 - 2015-02-14 04:30 - 0015360 _____ () C:\Users\Nutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 18:03 - 2012-11-14 18:03 - 0000094 _____ () C:\Users\Nutzer\AppData\Local\fusioncache.dat
2011-08-07 15:30 - 2015-05-28 16:28 - 0007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak
2015-05-16 13:32 - 2015-05-31 16:31 - 0000112 _____ () C:\ProgramData\QUX80go.dat

Files to move or delete:
====================
C:\ProgramData\QUX80go.dat
C:\Users\Nutzer\F.bat

Some files in TEMP:
====================
C:\Users\Nutzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Nutzer\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-08 12:19

==================== End of log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Nutzer at 2015-05-31 16:43:06
Running from C:\Users\Nutzer\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3323010747-2788445057-3376602549-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3323010747-2788445057-3376602549-1020 - Limited - Enabled)
Gast (S-1-5-21-3323010747-2788445057-3376602549-501 - Limited - Enabled)
Helena (S-1-5-21-3323010747-2788445057-3376602549-1004 - Limited - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-3323010747-2788445057-3376602549-1003 - Limited - Enabled)
Nutzer (S-1-5-21-3323010747-2788445057-3376602549-1000 - Administrator - Enabled) => C:\Users\Nutzer
SophosSAULUCYNDE0 (S-1-5-21-3323010747-2788445057-3376602549-1017 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Der Herr der Ringe Online™“ v03.08.00.8025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8025 - Turbine, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) Akamai NetSession Interface (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version: - ) Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.) Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. 
KG) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft) Assassin's Creed (R) III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft) Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft) Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft) Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft) Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.2 - Auslogics Software Pty Ltd) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - ) Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.0 - 2K Games) Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP) CDRWIN 9 (HKLM-x32\...\{23D4A973-14FF-474E-0001-6529DDC11226}) (Version: 9.0.11.304 - Engelmann Media GmbH) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ) Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden DawnOfWar (HKLM-x32\...\InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}) (Version: 1.00.00000 - THQ) DawnOfWar (x32 Version: 1.00.00000 - THQ) Hidden Diablo II (HKLM-x32\...\Diablo II) (Version: - ) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DiRT 3 (x32 Version: 1.0.0001.130 - Codemasters) Hidden DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden Dragon's Prophet (EU) (HKLM-x32\...\Steam App 259020) (Version: - ) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version: - InPlay Interactive) Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook) FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts) Final Fantasy VII (HKLM-x32\...\Final Fantasy VII) (Version: - ) FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version: - SQUARE ENIX) FINAL FANTASY XIII-2 (HKLM-x32\...\Steam App 292140) (Version: - SQUARE ENIX) Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team) FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line) Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.0 - Warner Bros. Entertainment, Inc.) Flixster (x32 Version: 2.2.0 - Warner Bros. Entertainment, Inc.) 
Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.8.49.213 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.) Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft) GetFoldersize 2.6.0 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.6.0 - Michael Thummerer Software Design) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hero Editor V0.96 (HKLM-x32\...\ST6UNST #1) (Version: - ) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Hydra VSTi/DXi v1.2 (HKLM-x32\...\SynapseHydra_is1) (Version: 1.2 - Synapse Audio Software) IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company) IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation) LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>) League of Legends 
(HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Media Go (HKLM-x32\...\{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}) (Version: 2.1.392 - Sony) Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight 
(HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) 
(Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) mini-KMS Activator 1.0.5.2 (HKLM-x32\...\mini-KMS Activator 1.0.5.2) (Version: - ) Movie Maker (x32 
Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 4.5.0.34 - Symantec Corporation) NPC-Reconstruction Models Mod (HKLM-x32\...\{8F2FE985-BCA2-44B1-9D05-9853DF8DFE52}) (Version: 0.6 - United ODC Corporation) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA WDM Drivers (HKLM-x32\...\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}) (Version: - ) Ohm Force - Ohmicide VST (HKLM-x32\...\Ohmicide VST) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - ) Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) 
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.) Ragnarok Online 2 (HKLM-x32\...\{717BD14A-BE61-40A4-9865-17AACF611FE0}) (Version: 1.0.0 - Gravity Interactive, Inc.) reFX Nexus 1.0.0 (HKLM-x32\...\{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1) (Version: 1.0.0 - reFX) reFX Nexus 1.0.9 (HKLM-x32\...\reFX Nexus 1.0.9_is1) (Version: - ) Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam) ROCCAT Isku FX Keyboard Driver (HKLM-x32\...\{DC69933C-E7B0-455D-8E54-FAC1EEF046FF}) (Version: - Roccat GmbH) Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0002 - Roccat GmbH) Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.1.2598.3 - Hi-Rez Studios) Smokin' Guns version 1.1 (HKLM-x32\...\{C0F2B168-5C5C-4B55-B76E-035813CC559E}_is1) (Version: 1.1 - Smokin' Guns Productions) Songr (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Songr) (Version: 2.0.2343 - Xamasoft) Sonic Charge µTonic VSTi v2.0.1 (HKLM-x32\...\Sonic Charge µTonic VSTi v2.0.1) (Version: - ) Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB) Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony) SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com) Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited) Sophos AutoUpdate 
(HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.9.2 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH) Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version: - Image-Line bvba) Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) 
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version: - ) Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - ) VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) VueScan (HKLM\...\VueScan) (Version: - ) Waves Diamond Bundle v5.2 (HKLM-x32\...\Waves Diamond Bundle v5.2) (Version: - ) WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows-Treiberpaket - Advanced Micro Devices, Inc System (03/16/2011 5.12.0.0015) (HKLM\...\A3A37EC031F134EDD1E9DB40819B1EAD0DB7C844) (Version: 03/16/2011 5.12.0.0015 - Advanced Micro Devices, Inc) Windows-Treiberpaket - Advanced Micro Devices, Inc. (amdkmdap) Display (04/27/2013 13.100.0.0000) (HKLM\...\F8F0B13FDB7725B9538C9C18B3562F3F189A87D0) (Version: 04/27/2013 13.100.0.0000 - Advanced Micro Devices, Inc.) Windows-Treiberpaket - VIA Technologies, Inc. (VIAHdAudAddService) MEDIA (05/10/2013 6.0.10.1900) (HKLM\...\185DAE5F7B07C55192F4D2FBD9690DDE3C0A181E) (Version: 05/10/2013 6.0.10.1900 - VIA Technologies, Inc.) Windows-Treiberpaket - VIA Technologies, Inc. (VIAHdAudAddService) MEDIA (05/10/2013 6.0.10.1900) (HKLM\...\594FF2EA687138898144DD89BA5BAE020851C470) (Version: 05/10/2013 6.0.10.1900 - VIA Technologies, Inc.) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) You Don't Know Jack 4 1.00 (HKLM-x32\...\You Don't Know Jack 4) (Version: 1.00 - Take 2 Interactive) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{55839D91-467F-4be1-9DC1-8ADBBCC794F6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 29-05-2015 12:02:58 Malwarebytes Anti-Rootkit Restore Point 30-05-2015 13:18:52 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2015-05-30 13:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07E3524A-5796-47B3-AB1B-4DCCAF0B2559} - System32\Tasks\{040617CC-357D-430D-9D0F-AB21426C3A9F} => pcalua.exe -a C:\Users\Nutzer\Downloads\Saitek_Cyborg_Pad_For_XBox_SD6_64_Vista_Drivers(1).exe -d C:\Users\Nutzer\Downloads Task: {15AD936A-63E0-4409-BEC3-ED0D6D7EC89D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {200925A9-0DBA-4434-B108-DA6A2AA155D5} - System32\Tasks\{8050F89F-78D9-4359-9D9B-77F9A4DD3FB2} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A" Task: {24C54EDE-0AAF-4ABB-A73B-91209146E3BD} - System32\Tasks\{66BAA13C-637C-44ED-874C-9AF4449C00F4} => pcalua.exe -a F:\1Setup.exe -d F:\ Task: {3D51AE01-3307-400A-B1E3-A501F6242CBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {4A8C1BC7-EA41-4DFB-8F47-9FB905C1135A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {5013B958-27EC-4E54-B017-A9B7F04D420C} - System32\Tasks\{C0D28A93-F1CC-4474-ADFC-2E63CC26360F} => pcalua.exe -a "D:\GameDIR\TQIT\TQIT 1.17 UNinstaller.exe" -d D:\GameDIR\TQIT Task: {72A12628-67C1-4371-8A0D-50DB9F497D91} - System32\Tasks\{581AA96B-715F-404F-A45D-E4A880956113} => pcalua.exe -a C:\Users\Nutzer\Downloads\fantomcd1.2.1.1960_enu.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {7DC170EE-E1E6-4272-8369-C5453ECC373F} - 
System32\Tasks\{8E777ECF-C4DA-4745-B114-A627C4712E75} => pcalua.exe -a C:\Users\Nutzer\Downloads\ASIO4ALL_2_10_Deutsch(2).exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {7DD84BA6-B9F7-4713-BCA2-AD98E0C79F88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {9EF4C86C-C34E-4300-9491-96FAEAF67AF0} - System32\Tasks\{ADC77504-F806-46B5-B5B8-B179EC21A303} => pcalua.exe -a D:\GameDIR\Savage\Uninstall.exe -d D:\GameDIR\Savage Task: {A1385A0D-D6D3-4F2C-8781-973A8D40C3A8} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation) Task: {A4D23114-E8ED-4BE4-AF78-D9404AE64843} - System32\Tasks\Opera scheduled Autoupdate 1379773154 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software) Task: {B3A6090D-8AD8-477C-9C24-43B260AEAC89} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {BDC1894E-4373-4774-9DDD-3E0EABCE2EB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {CBEE7CEE-CF2A-4A83-8FC5-CA0870AB3A8B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {D0595654-1C6B-4701-9C58-D0835E3DB391} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) 
Task: {D1F693A8-FE88-47C0-8AB7-D72DAEC7914D} - System32\Tasks\{C0CD93BC-4BDB-48DF-BE69-C21BCFB68138} => pcalua.exe -a "D:\GameDIR\TQIT\TQIT 1.17a installer.exe" -d D:\GameDIR\TQIT Task: {D346DA35-8D2B-477E-9BE7-164917D2ACCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.) Task: {E2E7F2C9-C573-4EB1-A7E7-6ADB5A3F0661} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.) Task: {E7821201-C950-4B88-9F62-1EA08B6420D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2011-08-06 16:57 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2014-08-17 23:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-17 23:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-17 23:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-17 23:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-17 23:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll ==================== Alternate 
Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:07BF512B AlternateDataStreams: C:\ProgramData\TEMP:B2AA1B61 AlternateDataStreams: C:\Users\Nutzer\Anwendungsdaten:NT AlternateDataStreams: C:\Users\Nutzer\AppData\Roaming:NT ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Roccat Talk.lnk => C:\Windows\pss\Roccat Talk.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Nutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk => C:\Windows\pss\ctfmon.lnk.Startup MSCONFIG\startupfolder: C:^Users^Nutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^yr0.09649393655489957.exe.lnk => C:\Windows\pss\yr0.09649393655489957.exe.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nutzer\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: Facebook Update => "C:\Users\Nutzer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: Google Update => "C:\Users\Nutzer\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: ltfhqdrlteqqeiv => C:\ProgramData\ltfhqdrl.exe MSCONFIG\startupreg: Makro => 
"C:\Users\Nutzer\AppData\Local\Temp\Rar$EX59.184\Makro.exe" /D:3000 MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray MSCONFIG\startupreg: olipra => rundll32.exe "C:\Users\Nutzer\AppData\Roaming\olipra.dll",CreateContext MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RMActivate_ssp => C:\Users\Nutzer\AppData\Local\Microsoft\Windows\1997\RMActivate_ssp.exe MSCONFIG\startupreg: RoccatIskuFX => "C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe" MSCONFIG\startupreg: S60 PC Suite Tray => "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: Steam => "D:\ProgDir\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: vasja => C:\Users\Nutzer\AppData\Local\Temp\mor.exe MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" MSCONFIG\startupreg: {4D075306-E134-2F4F-D6C9-84A2DE9D71EA} => C:\Users\Nutzer\AppData\Roaming\Kuocti\ywywcy.exe ==================== FirewallRules (Whitelisted) 
=============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/31/2015 04:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/31/2015 04:21:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/31/2015 03:19:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2015 01:46:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x1dd4 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (05/30/2015 00:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2015 04:22:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 
Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x1354 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (05/29/2015 04:17:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x152c Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (05/29/2015 04:12:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x15a4 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (05/29/2015 04:07:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x1734 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften 
Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (05/29/2015 04:02:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006d2bc ID des fehlerhaften Prozesses: 0x15d8 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 System errors: ============= Error: (05/31/2015 04:37:43 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (05/31/2015 04:37:43 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (05/31/2015 04:37:43 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (05/31/2015 04:37:43 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VIA Karaoke digital mixer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Compatibility Check" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/31/2015 04:37:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Sophos Web Intelligence Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office: ========================= Error: (05/31/2015 04:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/31/2015 04:21:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/31/2015 03:19:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2015 01:46:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc1dd401d09ace444168f9C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe893e2364-06c1-11e5-9669-0017ad12cbe8 Error: (05/30/2015 
00:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2015 04:22:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc135401d09a1ad6dfd365C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe1bc6800f-060e-11e5-a535-0017ad12cbe8 Error: (05/29/2015 04:17:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc152c01d09a1a22b22ce4C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe6798d98e-060d-11e5-a535-0017ad12cbe8 Error: (05/29/2015 04:12:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc15a401d09a196e835536C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeb36c643a-060c-11e5-a535-0017ad12cbe8 Error: (05/29/2015 04:07:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc173401d09a18ba55888fC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeff39d2df-060b-11e5-a535-0017ad12cbe8 Error: (05/29/2015 04:02:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc15d801d09a1806257fb4C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe4b0c2c5e-060b-11e5-a535-0017ad12cbe8 CodeIntegrity Errors: =================================== Date: 2015-05-30 13:54:23.459 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-05-30 13:54:23.428 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 17:18:33.909 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nutzer\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 17:18:33.779 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nutzer\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 17:18:31.394 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 17:18:31.259 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 42%
Total physical RAM: 4095.24 MB
Available physical RAM: 2352.46 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 6227.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:97.56 GB) (Free:34.86 GB) NTFS
Drive d: (Daten) (Fixed) (Total:833.86 GB) (Free:417.44 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7BC0D4B0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)
==================== End of log ============================
Last edited by SepZis (31.05.2015 at 15:43) |
01.06.2015, 09:22 | #10 |
/// the machine /// TB Instructor | Compatiybilitycheck.exe
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.06.2015, 22:46 | #11 |
| Compatiybilitycheck.exe Yeah, the Compatibilitycheck is unfortunately still there; it also shows up that way in the ESET log.
ESET log
Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files\003\nuttkoqiez64.exe.vir Variante von Win64/Adware.Adpeak.C Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\b78a7d68-d9c3-4ffd-983b-fc8848234a16-11.exe.vir Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\b78a7d68-d9c3-4ffd-983b-fc8848234a16-2.exe.vir Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\b78a7d68-d9c3-4ffd-983b-fc8848234a16-4.exe.vir Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-bg.exe.vir Variante von Win32/Toolbar.CrossRider.AL evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll.vir Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-buttonutil.dll.vir Variante von Win32/Toolbar.CrossRider.BD evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe.vir Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-novainstaller.exe.vir Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir Variante von Win32/ELEX.AE evtl. 
unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\21.js.vir JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\28.js.vir JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciibccebcogmkmcbehleciidbhbbgie\1.0_0\manifest.json.vir JS/Adware.Adpeak.C Anwendung C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir Variante von Win32/AdSuproot Trojaner C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir Variante von Win32/AdSuproot.C Trojaner C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir Variante von Win32/AdSuproot Trojaner C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir Variante von Win32/AdSuproot Trojaner C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir Variante von Win32/AdSuproot Trojaner C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir Variante von Win32/AdSuproot Trojaner C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir Variante von Win32/AdSuproot 
Trojaner C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\extensionData\plugins\1.js.vir JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\extensionData\plugins\21.js.vir JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\extensionData\plugins\28.js.vir JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\js\lib\crossriderAPI.js.vir JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\qone8\UninstallManager.exe.vir Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\SupTab\SupTab.dll.vir Win32/Thinknice.A evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir Variante von Win64/Systweak.A evtl. 
unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir Variante von Win64/Riskware.NetFilter.F Anwendung C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\sgnahzzzax.dll Variante von Win32/AdWare.CouponAmazing.B Anwendung C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\xkymsyyrfh.dll Variante von Win32/AdWare.CouponAmazing.B Anwendung C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\eugubobiys64.exe Variante von Win64/Adware.Adpeak.F Anwendung C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\hmhfslexky64.exe Variante von Win64/Adware.Adpeak.F Anwendung C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\SupraSavingsService64.exe Variante von Win64/Adware.Adpeak.F Anwendung C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe Variante von Win32/AdSuproot Trojaner C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe Variante von Win32/AdSuproot.C Trojaner C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll Variante von Win32/AdSuproot Trojaner C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll Variante von Win32/AdSuproot Trojaner C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll Variante von Win32/AdSuproot Trojaner C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll Variante von Win32/AdSuproot Trojaner C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll Variante von Win32/AdSuproot Trojaner C:\Users\Helena\AppData\Local\Mozilla\Firefox\Profiles\gt17l0qh.default\cache2\entries\D93FD00B0D2732C1554AA0E9602FA06F2599C19C JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\21.js JS/Toolbar.Crossrider.F evtl. 
unerwünschte Anwendung C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\28.js JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak JS/Adware.Adpeak.C Anwendung C:\Users\Nutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2F3X6H0\setup[1].exe Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Nutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSVCXLQ9\BiTool[1].dll Variante von Win32/Somoto.K evtl. unerwünschte Anwendung C:\Users\Nutzer\AppData\Roaming\Auslogics\Rescue\Boost Speed\150527180544590.rsc Mehrere Bedrohungen C:\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AT Anwendung C:\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\File System\001\t\00\00000000 Win32/AdWare.1ClickDownload.AT Anwendung D:\GameDIR\UFO\Dosbox.exe möglicherweise unbekannter Virus NewHeur_PE Virus H:\Games\Age of Empires\Age of Empires II\Age Of Empires 2 & The Conquerors Expansion - Full Game.exe Variante von Win32/Hupigon.NWG Trojaner H:\Games\AoE2HD\Age.of.Empires.II.HD.GERMAN-0x0007\de-aoe2hd.iso Variante von Win32/Packed.VMProtect.AAH Trojaner H:\Games\Assassins Creed Brotherhood\Assassins.Creed.Brotherhood.v1.01.Update.Repack-SKIDROW\ac_brotherhood_1.01_update.exe MSIL/Arcdoor.AH Wurm H:\Games\Assassins Creed II\sr-acii.iso Variante von Win32/Packed.VMProtect.AAA Trojaner H:\Games\Die Siedler 7\rzr-set7.iso Variante von Win32/Packed.VMProtect.AAA Trojaner H:\Games\DIRT 3\sr-dirt3.iso Variante von 
Win32/Packed.VMProtect.AAA Trojaner H:\Games\Left 4 Dead 2\L4D2 Update 2.0.0.0-2.0.1.5 Setup.exe Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung H:\Games\The Witcher 2\DVD2\sr-tw2b.iso Variante von Win32/Packed.VMProtect.AAA Trojaner Code:
ATTFilter
Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java(TM) 6 Update 26
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (38.0.1)
Mozilla Thunderbird (31.4.0)
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01 Ran by Nutzer (administrator) on LUCYNDE on 01-06-2015 23:45:49 Running from C:\Users\Nutzer\Desktop Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Hi-Rez Studios) D:\GameDIR\SMITE\HiPatchService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-05-07] (Sophos Limited) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe] Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) 
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Tcpip\Parameters: 
[DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619 FF Homepage: hxxp://www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-02-06] (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks) FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-09-17] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-09-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-09-17] (Apple Inc.) FF Extension: Ghostery - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\firefox@ghostery.com.xpi [2015-01-23] FF Extension: Video DownloadHelper - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14] FF Extension: {c2255ecc-6835-4084-8f2b-08ccd0ac4e73} - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{c2255ecc-6835-4084-8f2b-08ccd0ac4e73}.xpi [2015-03-10] FF Extension: skype converter - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{cc6cc534-0a92-464a-91be-f27f39fe75fa}.xpi [2015-04-29] FF Extension: Adblock Plus - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-17] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn 
[2014-09-24] CHR Extension: (YouTube) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-05] CHR Extension: (Google Search) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-05] CHR Extension: (Google Wallet) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08] CHR Extension: (Gmail) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Nutzer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-03-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) 
[File not signed] R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-20] (EasyAntiCheat Ltd) R2 HiPatchService; D:\GameDIR\SMITE\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] () R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-07] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-07] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-05-07] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-07] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-07] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-07] (Sophos Limited) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH) R2 Verifies software is compatible; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [99496 2015-04-20] () [File not signed] R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-31] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-31] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SaiK0CD5; C:\Windows\System32\DRIVERS\SaiK0CD5.sys [183104 2011-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek)
R3 SaiU0CD5; C:\Windows\System32\DRIVERS\SaiU0CD5.sys [47168 2011-09-20] (Saitek)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-07] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-07] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-07] (Sophos Limited)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-10] (Duplex Secure Ltd.)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 23:43 - 2015-06-01 23:43 - 00852639 _____ () C:\Users\Nutzer\Desktop\SecurityCheck.exe
2015-06-01 23:42 - 2015-06-01 23:42 - 00009642 _____ () C:\Users\Nutzer\Desktop\ESET.txt
2015-06-01 13:09 - 2015-06-01 13:10 - 00000085 _____ () C:\Windows\wininit.ini
2015-06-01 12:23 - 2015-06-01 12:23 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\GWX
2015-06-01 11:40 - 2015-06-01 11:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-06-01 11:39 - 2015-06-01 11:39 - 02347384 _____ (ESET) C:\Users\Nutzer\Downloads\esetsmartinstaller_deu.exe
2015-05-31 16:43 - 2015-05-31 16:43 - 00050260 _____ () C:\Users\Nutzer\Desktop\Addition.txt
2015-05-31 16:42 - 2015-06-01 23:45 - 00010693 _____ () C:\Users\Nutzer\Desktop\FRST.txt
2015-05-31 16:39 - 2015-05-31 16:39 - 00001063 _____ () C:\Users\Nutzer\Desktop\JRT.txt
2015-05-31 16:36 - 2015-05-30 17:05 - 02947635 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT_NEW.exe
2015-05-31 16:11 - 2015-05-31 16:11 - 00000362 _____ () C:\Users\Nutzer\Desktop\mbam.txt
2015-05-31 15:21 - 2015-05-31 15:21 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-31 15:21 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 15:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-31 15:20 - 2015-05-31 15:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nutzer\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-30 13:58 - 2015-05-30 13:58 - 00031498 _____ () C:\ComboFix.txt
2015-05-30 13:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 13:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 13:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 13:39 - 2015-05-30 13:58 - 00000000 ____D () C:\Qoobox
2015-05-30 13:34 - 2015-05-30 13:57 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 13:32 - 2015-05-30 13:32 - 05628678 ____R (Swearware) C:\Users\Nutzer\Desktop\ComboFix.exe
2015-05-29 11:50 - 2015-05-29 11:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nutzer\Desktop\tdsskiller.exe
2015-05-29 11:47 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-29 11:46 - 2015-05-31 16:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 11:46 - 2015-05-30 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-29 11:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 11:43 - 2015-05-29 12:25 - 00000000 ____D () C:\Users\Nutzer\Desktop\mbar
2015-05-29 11:41 - 2015-05-29 11:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nutzer\Desktop\mbar-1.09.1.1004.exe
2015-05-28 13:43 - 2015-06-01 23:45 - 00000000 ____D () C:\FRST
2015-05-28 13:35 - 2015-05-28 13:35 - 00000188 _____ () C:\Users\Nutzer\defogger_reenable
2015-05-28 13:33 - 2015-05-28 13:33 - 00050477 _____ () C:\Users\Nutzer\Desktop\Defogger.exe
2015-05-28 13:31 - 2015-05-28 13:31 - 02108928 _____ (Farbar) C:\Users\Nutzer\Desktop\FRST64.exe
2015-05-27 20:13 - 2015-05-27 20:13 - 00002104 _____ () C:\Windows\DPINST.LOG
2015-05-27 17:08 - 2015-05-27 17:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCYNDE-Windows-7-Home-Premium-(64-bit).dat
2015-05-27 17:08 - 2015-05-27 17:08 - 00000000 ____D () C:\RegBackup
2015-05-27 17:05 - 2015-05-27 17:05 - 02946603 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT.exe
2015-05-27 16:55 - 2015-05-27 16:57 - 00000000 ____D () C:\Users\Nutzer\Desktop\Games
2015-05-27 16:45 - 2015-05-31 16:21 - 00005342 _____ () C:\Windows\PFRO.log
2015-05-27 16:28 - 2015-05-27 16:29 - 02223104 _____ () C:\Users\Nutzer\Desktop\adwcleaner_4.205.exe
2015-05-26 14:13 - 2015-06-01 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-24 13:12 - 2015-05-31 16:32 - 00000000 ____D () C:\AdwCleaner
2015-05-18 07:55 - 2015-05-18 07:55 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2015-05-17 12:01 - 2015-06-01 11:33 - 00002072 _____ () C:\Windows\setupact.log
2015-05-17 12:01 - 2015-05-17 12:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 13:32 - 2015-06-01 15:19 - 00000112 _____ () C:\ProgramData\QUX80go.dat
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-16 13:27 - 2015-06-01 23:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-05-16 13:27 - 2015-06-01 23:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-05-16 13:11 - 2015-05-16 13:11 - 00000000 ____D () C:\DAEMON Tools Lite
2015-05-13 16:46 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:46 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:24 - 2015-05-05 05:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:24 - 2015-05-05 05:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 12:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:22 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-13 12:23 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:20 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:23 - 2015-04-27 21:20 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-13 12:23 - 2015-04-27 21:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 21:16 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-13 12:23 - 2015-04-27 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:23 - 2015-04-27 21:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03939264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 20:58 - 01311256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-13 12:23 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:23 - 2015-04-27 19:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 12:23 - 2015-04-27 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 12:23 - 2015-04-27 19:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:23 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:23 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:23 - 2015-03-19 01:39 - 00632984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-13 12:23 - 2015-03-19 01:39 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-13 12:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:22 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-07 16:04 - 2015-05-07 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-07 16:03 - 2015-05-07 16:00 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-07 16:01 - 2015-05-07 16:01 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-07 16:01 - 2015-05-07 16:01 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-07 16:00 - 2015-05-07 16:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-07 16:00 - 2015-05-07 16:00 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 23:45 - 2011-08-09 23:39 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\CrashDumps 2015-06-01 23:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-06-01 23:36 - 2011-08-04 07:34 - 01744796 _____ () C:\Windows\WindowsUpdate.log 2015-06-01 23:34 - 2014-07-02 20:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-01 23:31 - 2012-03-30 10:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-01 21:39 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-01 21:39 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-01 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-06-01 14:41 - 2015-02-17 11:25 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT 2015-06-01 14:41 - 2013-07-25 19:06 - 00000000 ____D () C:\ProgramData\Ubisoft 2015-06-01 14:40 - 2011-08-07 14:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-06-01 14:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-06-01 14:35 - 2013-07-07 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ 2015-06-01 13:34 - 2013-07-25 19:07 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\Ubisoft 2015-06-01 13:32 - 2014-02-06 14:26 - 00000000 ____D () C:\ProgramData\NexonUS 2015-06-01 13:10 - 2014-08-17 23:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-06-01 13:09 - 2014-08-17 23:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-06-01 13:08 - 2012-06-25 18:22 - 00000000 ____D () C:\ProgramData\Sony Ericsson 2015-06-01 13:08 - 2012-06-25 18:22 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson 2015-06-01 11:36 - 2014-07-02 20:51 - 00001106 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-01 11:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-31 15:20 - 2011-08-17 11:26 - 00000000 ____D () C:\Users\Nutzer\dwhelper 2015-05-30 13:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-30 13:54 - 2011-08-04 07:44 - 00000000 ____D () C:\Users\Nutzer 2015-05-30 13:52 - 2012-06-29 00:35 - 00000000 ____D () C:\ProgramData\TEMP 2015-05-29 15:15 - 2013-07-25 12:15 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\uTorrent 2015-05-29 12:50 - 2010-11-21 08:50 - 00710518 _____ () C:\Windows\system32\perfh007.dat 2015-05-29 12:50 - 2010-11-21 08:50 - 00154848 _____ () C:\Windows\system32\perfc007.dat 2015-05-29 12:50 - 2009-07-14 07:13 - 01651822 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-28 16:28 - 2011-08-07 15:30 - 00007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg 2015-05-28 15:13 - 2014-08-11 17:37 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Battle.net 2015-05-27 16:45 - 2012-05-26 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-27 14:50 - 2015-04-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2015-05-26 12:45 - 2013-04-15 15:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-24 13:14 - 2012-05-26 23:29 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-05-24 13:14 - 2011-08-04 07:45 - 00001004 _____ () C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\system32\GWX 2015-05-20 12:27 - 2014-06-09 14:14 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1379773154 2015-05-20 12:27 - 2013-09-21 16:19 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-05-18 
07:25 - 2014-07-02 20:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 07:25 - 2014-07-02 20:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-16 13:28 - 2013-12-16 00:13 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-14 20:43 - 2011-08-12 20:57 - 00000000 ____D () C:\Users\Nutzer\Documents\My Games 2015-05-14 18:51 - 2013-01-17 15:56 - 00412528 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-14 18:47 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-14 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-13 17:04 - 2011-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-13 17:00 - 2013-07-16 17:37 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-13 16:52 - 2011-08-06 13:21 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 16:46 - 2013-12-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-12 14:24 - 2014-08-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-05-11 14:39 - 2015-03-29 15:34 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Songr 2015-05-07 16:05 - 2012-10-04 13:11 - 00000000 ____D () C:\Program Files (x86)\Sophos 2015-05-07 16:04 - 2012-10-04 13:11 - 00000000 ____D () C:\ProgramData\Sophos ==================== Files in the root of some directories ======= 2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res 2011-08-07 15:09 - 2015-02-14 04:30 - 0015360 _____ () C:\Users\Nutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-11-14 18:03 - 2012-11-14 18:03 - 0000094 _____ () C:\Users\Nutzer\AppData\Local\fusioncache.dat 
2011-08-07 15:30 - 2015-05-28 16:28 - 0007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg 2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak 2015-05-16 13:32 - 2015-06-01 15:19 - 0000112 _____ () C:\ProgramData\QUX80go.dat Files to move or delete: ==================== C:\ProgramData\QUX80go.dat C:\Users\Nutzer\F.bat Some files in TEMP: ==================== C:\Users\Nutzer\AppData\Local\Temp\NGM.exe C:\Users\Nutzer\AppData\Local\Temp\NGMDll.dll C:\Users\Nutzer\AppData\Local\Temp\NGMResource.dll C:\Users\Nutzer\AppData\Local\Temp\Quarantine.exe C:\Users\Nutzer\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-01 20:49 ==================== End of log ============================ |
02.06.2015, 18:45 | #12 |
/// the machine /// TB-Ausbilder | Compatiybilitycheck.exe Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E
C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E
C:\Users\Default\AppData\Roaming\Compatibility Verifier
C:\Users\Helena\AppData\Local\Mozilla\Firefox\Profiles\gt17l0qh.default
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res
2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak
2015-05-16 13:32 - 2015-06-01 15:19 - 0000112 _____ () C:\ProgramData\QUX80go.dat
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.06.2015, 20:30 | #13 |
| Compatiybilitycheck.exe First, the Fixlog. Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01 Ran by Nutzer at 2015-06-02 21:07:14 Run:1 Running from C:\Users\Nutzer\Desktop Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena) Boot Mode: Normal ============================================== fixlist content: ***************** C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E C:\Users\Default\AppData\Roaming\Compatibility Verifier C:\Users\Helena\AppData\Local\Mozilla\Firefox\Profiles\gt17l0qh.default HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe] HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] 2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res 2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak 2015-05-16 13:32 - 2015-06-01 15:19 - 0000112 _____ () C:\ProgramData\QUX80go.dat Emptytemp: ***************** C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E => Moved successfully. C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E => Moved successfully. 
C:\Users\Default\AppData\Roaming\Compatibility Verifier => Moved successfully. C:\Users\Helena\AppData\Local\Mozilla\Firefox\Profiles\gt17l0qh.default => Moved successfully. HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\EnableLUA => value Removed successfully HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value Removed successfully HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\1 compatibilitycheck.exe => value Removed successfully HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\2 db88.exe => value Removed successfully HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\3 UCV.exe => value Removed successfully HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\4 UCV.tmp => value Removed successfully HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\5 vcredist_x86.exe => value Removed successfully "HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully pccsmcfd => Service Removed successfully usj => Service Removed successfully xhunter1 => Service Removed successfully C:\Users\Nutzer\AppData\Roaming\blckdom.res => Moved successfully. C:\ProgramData\iqrjmdeq.fak => Moved successfully. C:\ProgramData\QUX80go.dat => Moved successfully. EmptyTemp: => Removed 740.6 MB temporary data. The system needed a reboot. ==== End of Fixlog 21:09:33 ==== Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01 Ran by Nutzer (administrator) on LUCYNDE on 02-06-2015 21:28:09 Running from C:\Users\Nutzer\Desktop Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hi-Rez Studios) D:\GameDIR\SMITE\HiPatchService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-05-07] (Sophos Limited) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) 
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Winsock: Catalog9-x64 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited) Tcpip\Parameters: 
[DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\wl1u72kk.default-1433273151049 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-02-06] (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks) FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-24] CHR Extension: (YouTube) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-05] CHR Extension: (Google Search) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-05] CHR Extension: (Google Wallet) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08] CHR Extension: (Gmail) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Nutzer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-03-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) 
[File not signed] R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-20] (EasyAntiCheat Ltd) R2 HiPatchService; D:\GameDIR\SMITE\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] () R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-07] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-07] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-05-07] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-07] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-07] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-07] (Sophos Limited) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 Verifies software is compatible; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-31] (Microsoft Corporation) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-31] (Disc Soft Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R3 SaiK0CD5; C:\Windows\System32\DRIVERS\SaiK0CD5.sys [183104 2011-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek) R3 SaiU0CD5; C:\Windows\System32\DRIVERS\SaiU0CD5.sys [47168 2011-09-20] (Saitek) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-07] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-07] (Sophos Limited) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-07] (Sophos Limited) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-10] (Duplex Secure Ltd.) S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed] R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) 
[File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-02 21:25 - 2015-06-02 21:25 - 00000000 ____D () C:\Users\Nutzer\Desktop\Alte Firefox-Daten 2015-06-02 21:24 - 2015-06-02 21:24 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-06-02 21:24 - 2015-06-02 21:24 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-06-02 21:24 - 2015-06-02 21:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-06-02 21:22 - 2015-06-02 21:23 - 00243592 _____ () C:\Users\Nutzer\Downloads\Firefox Setup Stub 38.0.5.exe 2015-06-02 21:13 - 2015-06-02 21:13 - 00001275 _____ () C:\Users\Nutzer\Desktop\Revo Uninstaller.lnk 2015-06-02 21:13 - 2015-06-02 21:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-06-02 21:12 - 2015-06-02 21:12 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Nutzer\Downloads\revosetup95.exe 2015-06-01 23:43 - 2015-06-01 23:43 - 00852639 _____ () C:\Users\Nutzer\Desktop\SecurityCheck.exe 2015-06-01 23:42 - 2015-06-01 23:42 - 00009642 _____ () C:\Users\Nutzer\Desktop\ESET.txt 2015-06-01 13:09 - 2015-06-01 13:10 - 00000085 _____ () C:\Windows\wininit.ini 2015-06-01 12:23 - 2015-06-01 12:23 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\GWX 2015-06-01 11:40 - 2015-06-01 11:40 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-06-01 11:39 - 2015-06-01 11:39 - 02347384 _____ (ESET) C:\Users\Nutzer\Downloads\esetsmartinstaller_deu.exe 2015-05-31 16:43 - 2015-05-31 16:43 - 00050260 _____ () C:\Users\Nutzer\Desktop\Addition.txt 2015-05-31 16:42 - 2015-06-02 21:28 - 00006628 _____ () C:\Users\Nutzer\Desktop\FRST.txt 2015-05-31 16:39 - 2015-05-31 16:39 - 00001063 _____ () C:\Users\Nutzer\Desktop\JRT.txt 2015-05-31 16:36 - 2015-05-30 17:05 - 02947635 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT_NEW.exe 2015-05-31 16:11 - 2015-05-31 16:11 - 00000362 _____ () C:\Users\Nutzer\Desktop\mbam.txt 2015-05-31 15:21 - 2015-05-31 15:21 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-31 15:21 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-31 15:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-31 15:20 - 2015-05-31 15:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nutzer\Downloads\mbam-setup-2.1.6.1022.exe 2015-05-30 13:58 - 2015-05-30 13:58 - 00031498 _____ () C:\ComboFix.txt 2015-05-30 13:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-30 13:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 
2015-05-30 13:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-30 13:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-30 13:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-30 13:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-30 13:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-30 13:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-30 13:39 - 2015-05-30 13:58 - 00000000 ____D () C:\Qoobox 2015-05-30 13:34 - 2015-05-30 13:57 - 00000000 ____D () C:\Windows\erdnt 2015-05-30 13:32 - 2015-05-30 13:32 - 05628678 ____R (Swearware) C:\Users\Nutzer\Desktop\ComboFix.exe 2015-05-29 11:50 - 2015-05-29 11:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nutzer\Desktop\tdsskiller.exe 2015-05-29 11:47 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-29 11:46 - 2015-05-31 16:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-29 11:46 - 2015-05-30 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-29 11:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-29 11:43 - 2015-05-29 12:25 - 00000000 ____D () C:\Users\Nutzer\Desktop\mbar 2015-05-29 11:41 - 2015-05-29 11:41 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Nutzer\Desktop\mbar-1.09.1.1004.exe 2015-05-28 13:43 - 2015-06-02 21:28 - 00000000 ____D () C:\FRST 2015-05-28 13:35 - 2015-05-28 13:35 - 00000188 _____ () C:\Users\Nutzer\defogger_reenable 2015-05-28 13:33 - 2015-05-28 13:33 - 00050477 _____ () C:\Users\Nutzer\Desktop\Defogger.exe 2015-05-28 13:31 - 2015-05-28 13:31 - 02108928 _____ (Farbar) C:\Users\Nutzer\Desktop\FRST64.exe 2015-05-27 20:13 - 2015-05-27 20:13 - 00002104 _____ () C:\Windows\DPINST.LOG 2015-05-27 17:08 - 2015-05-27 17:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCYNDE-Windows-7-Home-Premium-(64-bit).dat 2015-05-27 17:08 - 2015-05-27 17:08 - 00000000 ____D () C:\RegBackup 2015-05-27 17:05 - 2015-05-27 17:05 - 02946603 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT.exe 2015-05-27 16:55 - 2015-05-27 16:57 - 00000000 ____D () C:\Users\Nutzer\Desktop\Games 2015-05-27 16:45 - 2015-06-02 21:04 - 00008768 _____ () C:\Windows\PFRO.log 2015-05-27 16:28 - 2015-05-27 16:29 - 02223104 _____ () C:\Users\Nutzer\Desktop\adwcleaner_4.205.exe 2015-05-24 13:12 - 2015-05-31 16:32 - 00000000 ____D () C:\AdwCleaner 2015-05-18 07:55 - 2015-05-18 07:55 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA% 2015-05-17 12:01 - 2015-06-02 21:10 - 00002184 _____ () C:\Windows\setupact.log 2015-05-17 12:01 - 2015-05-17 12:01 - 00000000 _____ () C:\Windows\setuperr.log 2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-05-16 13:11 - 2015-05-16 13:11 - 00000000 ____D () C:\DAEMON Tools Lite 2015-05-13 16:46 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 16:46 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 12:24 - 2015-05-05 05:43 - 00342528 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll 2015-05-13 12:24 - 2015-05-05 05:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 12:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 12:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 12:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 12:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 12:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 12:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 12:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 12:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 12:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 12:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 12:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 12:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 12:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 12:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 12:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 12:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 12:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2015-05-13 12:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 12:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 12:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 12:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 12:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 12:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 12:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 12:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 12:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 12:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 12:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 12:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 12:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 12:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 12:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 12:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 12:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 12:24 - 2015-04-21 18:02 - 00030720 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 12:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 12:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 12:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 12:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 12:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 12:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 12:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 12:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 12:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 12:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 12:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 12:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 12:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 12:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 12:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 12:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 12:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 12:24 - 2015-04-21 17:25 - 02052608 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 12:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 12:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 12:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 12:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 12:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 12:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 12:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 12:23 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 12:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 12:23 - 2015-04-27 21:22 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 12:23 - 2015-04-27 21:22 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-05-13 12:23 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 12:23 - 2015-04-27 21:22 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 12:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 12:23 - 2015-04-27 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 12:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-13 12:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 12:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft 
Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 12:23 - 2015-04-27 21:20 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 12:23 - 2015-04-27 21:20 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-05-13 12:23 - 2015-04-27 21:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 12:23 - 2015-04-27 21:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-13 12:23 - 2015-04-27 21:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 12:23 - 2015-04-27 21:17 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00210944 _____ (Microsoft Corporation) 
C:\Windows\system32\wdigest.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 12:23 - 2015-04-27 21:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 12:23 - 2015-04-27 21:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 12:23 - 2015-04-27 21:16 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-13 12:23 - 2015-04-27 21:16 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-05-13 12:23 - 2015-04-27 21:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 12:23 - 2015-04-27 21:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 12:23 - 2015-04-27 21:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-05-13 12:23 - 2015-04-27 21:13 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\system32\msobjs.dll 2015-05-13 12:23 - 2015-04-27 21:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 12:23 - 
2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:10 - 
00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-13 12:23 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-13 12:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-13 12:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-13 12:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-13 12:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-13 12:23 - 2015-04-27 21:01 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 12:23 - 2015-04-27 21:01 - 03939264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 12:23 - 2015-04-27 20:58 - 01311256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 12:23 - 2015-04-27 20:56 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-13 12:23 - 2015-04-27 20:56 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 12:23 - 2015-04-27 20:56 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 12:23 - 2015-04-27 20:56 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 12:23 - 2015-04-27 20:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 12:23 - 2015-04-27 20:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-13 12:23 - 2015-04-27 20:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 12:23 - 2015-04-27 20:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 12:23 - 2015-04-27 20:55 - 00643072 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-13 12:23 - 2015-04-27 20:55 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 12:23 - 2015-04-27 20:55 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 12:23 - 2015-04-27 20:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-05-13 12:23 - 2015-04-27 20:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 12:23 - 2015-04-27 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-13 12:23 - 2015-04-27 20:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 12:23 - 2015-04-27 20:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-13 12:23 - 2015-04-27 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-13 12:23 - 2015-04-27 20:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 12:23 - 2015-04-27 20:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-13 12:23 - 2015-04-27 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 12:23 - 2015-04-27 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 20:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-05-13 12:23 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 12:23 - 2015-04-27 19:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 12:23 - 2015-04-27 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 12:23 - 2015-04-27 19:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 19:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 19:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 12:23 - 2015-04-27 19:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 12:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 12:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft 
Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:23 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:23 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:23 - 2015-03-19 01:39 - 00632984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-13 12:23 - 2015-03-19 01:39 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-13 12:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:22 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-07 16:04 - 2015-05-07 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-07 16:03 - 2015-05-07 16:00 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-07 16:01 - 2015-05-07 16:01 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-07 16:01 - 2015-05-07 16:01 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-07 16:00 - 2015-05-07 16:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-07 16:00 - 2015-05-07 16:00 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-02 21:24 - 2012-05-26 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 21:18 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 21:18 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 21:10 - 2014-07-02 20:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 21:10 - 2013-09-21 16:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-06-02 21:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 21:09 - 2011-08-04 07:34 - 01754952 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 21:04 - 2014-08-17 23:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-01 23:45 - 2011-08-09 23:39 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\CrashDumps
2015-06-01 23:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-06-01 23:34 - 2014-07-02 20:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 23:31 - 2012-03-30 10:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-06-01 14:41 - 2015-02-17 11:25 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-06-01 14:41 - 2013-07-25 19:06 - 00000000 ____D () C:\ProgramData\Ubisoft
2015-06-01 14:40 - 2011-08-07 14:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-06-01 14:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-01 14:35 - 2013-07-07 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2015-06-01 13:34 - 2013-07-25 19:07 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\Ubisoft
2015-06-01 13:32 - 2014-02-06 14:26 - 00000000 ____D () C:\ProgramData\NexonUS
2015-06-01 13:09 - 2014-08-17 23:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-06-01 13:08 - 2012-06-25 18:22 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2015-06-01 13:08 - 2012-06-25 18:22 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson
2015-05-31 15:20 - 2011-08-17 11:26 - 00000000 ____D () C:\Users\Nutzer\dwhelper
2015-05-30 13:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-30 13:54 - 2011-08-04 07:44 - 00000000 ____D () C:\Users\Nutzer
2015-05-30 13:52 - 2012-06-29 00:35 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-29 15:15 - 2013-07-25 12:15 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\uTorrent
2015-05-29 12:50 - 2010-11-21 08:50 - 00710518 _____ () C:\Windows\system32\perfh007.dat
2015-05-29 12:50 - 2010-11-21 08:50 - 00154848 _____ () C:\Windows\system32\perfc007.dat
2015-05-29 12:50 - 2009-07-14 07:13 - 01651822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 16:28 - 2011-08-07 15:30 - 00007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2015-05-28 15:13 - 2014-08-11 17:37 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Battle.net
2015-05-27 14:50 - 2015-04-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-05-26 12:45 - 2013-04-15 15:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-24 13:14 - 2011-08-04 07:45 - 00001004 _____ () C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 12:27 - 2014-06-09 14:14 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1379773154
2015-05-18 07:25 - 2014-07-02 20:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 07:25 - 2014-07-02 20:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 13:28 - 2013-12-16 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-14 20:43 - 2011-08-12 20:57 - 00000000 ____D () C:\Users\Nutzer\Documents\My Games
2015-05-14 18:51 - 2013-01-17 15:56 - 00412528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:47 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:04 - 2011-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 17:00 - 2013-07-16 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 16:52 - 2011-08-06 13:21 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 16:46 - 2013-12-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 14:24 - 2014-08-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-11 14:39 - 2015-03-29 15:34 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Songr
2015-05-07 16:05 - 2012-10-04 13:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-07 16:04 - 2012-10-04 13:11 - 00000000 ____D () C:\ProgramData\Sophos

==================== Files in the root of some directories =======
2011-08-07 15:09 - 2015-02-14 04:30 - 0015360 _____ () C:\Users\Nutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 18:03 - 2012-11-14 18:03 - 0000094 _____ () C:\Users\Nutzer\AppData\Local\fusioncache.dat
2011-08-07 15:30 - 2015-05-28 16:28 - 0007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\Users\Nutzer\F.bat

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-01 20:49

==================== End of log ============================ |
03.06.2015, 11:53 | #14 |
/// the machine /// TB-Ausbilder | Compatiybilitycheck.exe Please keep an eye on it for another day or so and then report back.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.06.2015, 09:41 | #15 |
| Compatiybilitycheck.exe So, after a few days of intensive testing, the problem seems to be solved. Many thanks, Schrauber. Can you at least briefly tell me what the actual problem was? I have somewhat lost track with all the messages. |