|
Pests of all kinds and how to combat them: I think my computer is infected. Windows 7 If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection. |
30.05.2015, 14:01 | #1 |
| I think my computer is infected. Since yesterday it has been slow as hell for no (obvious) reason and takes small eternities for the smallest things (opening a new tab, surfing + downloading, opening a folder, ..). It would be great if one of your experts would help me and check my laptop thoroughly. Regards |
30.05.2015, 14:05 | #2 |
/// the machine /// TB trainer | I think my computer is infected. hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
30.05.2015, 15:32 | #3 |
| I think my computer is infected. When I started it, the following window popped up. I clicked "Yes" and let the scan begin.
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by smoking caterpillar (administrator) on SMOKINGCATERPIL on 30-05-2015 15:15:26 Running from C:\Users\smoking caterpillar\Desktop Loaded Profiles: smoking caterpillar (Available Profiles: smoking caterpillar) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Box Inc.) C:\Program Files\Box\Box Sync\SyncUpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Dropbox, Inc.) C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Nullsoft, Inc.) 
C:\Program Files (x86)\Winamp\winamp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] () HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Policies\Explorer: [RestrictRun] 0 Startup: C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-07] ShortcutTarget: Dropbox.lnk -> C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [000BoxSyncFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [000BoxSyncNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [000BoxSyncProblem] -> {8CEE0157-49FA-4ACE-87AF-C01BCA971E26} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [000BoxSyncSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3093878258-50056534-2936666279-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3093878258-50056534-2936666279-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586 FF Homepage: about:home FF NetworkProxy: "backup.ftp", "76.181.194.34" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.socks", "76.181.194.34" FF NetworkProxy: "backup.socks_port", 3128 FF NetworkProxy: "backup.ssl", "76.181.194.34" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "ftp", "212.82.126.32" FF NetworkProxy: "ftp_port", 80 FF NetworkProxy: "http", "212.82.126.32" FF 
NetworkProxy: "http_port", 80 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "212.82.126.32" FF NetworkProxy: "socks_port", 80 FF NetworkProxy: "ssl", "212.82.126.32" FF NetworkProxy: "ssl_port", 80 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{10EAE007-E823-4FBA-96D3-2A6A8ECF38BB}.xml [2012-10-02] FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{822630B8-4A7C-4A90-93A7-EBA67A4B226F}.xml [2012-10-02] FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{99712A85-9A13-483E-8B77-0E84CA887CE1}.xml [2012-10-02] FF Extension: LavaFox V2-Purple - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\zigboom555@aol.com [2015-05-02] FF Extension: WOT - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-29] FF Extension: Speed Dial - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-11-08] FF Extension: CookieCuller - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-08] FF Extension: Adblock Edge - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [18944 2013-09-26] (Box Inc.) [File not signed] S4 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) 
[File not signed] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) S4 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel(R) Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-30 15:15 - 2015-05-30 15:16 - 00016258 _____ () C:\Users\smoking caterpillar\Desktop\FRST.txt 2015-05-30 15:14 - 2015-05-30 15:15 - 00000000 ____D () C:\FRST 2015-05-30 15:12 - 2015-05-30 15:12 - 02108928 _____ (Farbar) C:\Users\smoking caterpillar\Desktop\FRST64.exe 2015-05-24 09:51 - 2015-05-24 09:51 - 00000000 __SHD () C:\found.001 2015-05-23 17:56 - 2015-05-23 17:56 - 00002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel 2015-05-13 03:11 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 03:11 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 23:32 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-12 23:32 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-12 23:32 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-12 23:32 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-12 23:32 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-12 23:32 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-12 23:32 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-12 23:32 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-12 23:32 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-12 23:32 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-12 23:32 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-12 23:32 - 2015-04-21 18:48 - 
00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-12 23:32 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-12 23:32 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-12 23:32 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-12 23:32 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-12 23:32 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-12 23:32 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-12 23:32 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-12 23:32 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-12 23:32 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-12 23:32 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-12 23:32 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-12 23:32 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-12 23:32 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-12 23:32 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-12 23:32 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-12 23:32 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-12 23:32 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-12 23:32 - 
2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-12 23:32 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-12 23:32 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-12 23:32 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-12 23:32 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-12 23:32 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-12 23:32 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-12 23:32 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-12 23:32 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-12 23:32 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-12 23:32 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-12 23:32 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-12 23:32 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-12 23:32 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-12 23:32 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-12 23:32 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-12 23:32 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-12 23:32 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-12 23:32 - 
2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-12 23:32 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-12 23:32 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-12 23:32 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-12 23:32 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-12 23:32 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-12 23:32 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-12 23:32 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-12 23:32 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-12 23:32 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-12 23:32 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-12 23:32 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-12 23:32 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-12 23:32 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-12 23:32 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-12 23:32 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-12 23:32 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-12 23:32 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-12 23:32 - 2015-04-04 
05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-12 23:32 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-12 23:32 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-12 23:32 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-12 23:32 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-12 23:32 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00172032 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-12 23:32 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-12 23:32 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-12 23:32 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-12 23:32 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-12 23:32 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-12 23:31 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-12 23:31 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-12 23:31 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-12 23:31 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-12 23:31 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-12 23:31 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-12 23:31 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-12 23:31 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-12 23:31 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-12 23:31 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\poqexec.exe 2015-05-12 23:31 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-12 06:43 - 2015-05-12 06:43 - 00000000 __SHD () C:\found.000 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-30 15:16 - 2012-10-02 20:00 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Last.fm 2015-05-30 14:43 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-30 14:43 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-30 14:39 - 2010-11-21 08:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2015-05-30 14:39 - 2010-11-21 08:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2015-05-30 14:39 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-30 14:38 - 2012-10-01 21:19 - 02017366 _____ () C:\Windows\WindowsUpdate.log 2015-05-30 14:34 - 2014-10-11 12:19 - 00000000 ___RD () C:\Users\smoking caterpillar\Dropbox 2015-05-30 14:34 - 2014-10-11 12:11 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox 2015-05-30 14:33 - 2015-03-02 07:31 - 00000000 ____D () C:\Users\smoking caterpillar\.rainlendar2 2015-05-30 14:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-30 14:33 - 2009-07-14 06:51 - 00199099 _____ () C:\Windows\setupact.log 2015-05-30 14:24 - 2012-10-02 18:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-27 16:57 - 2012-10-02 20:10 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\vlc 2015-05-26 20:33 - 2015-04-26 11:46 - 00000000 ____D () C:\Users\smoking caterpillar\Desktop\Praktikum 2015-05-25 04:16 - 2012-11-15 20:11 - 00000000 ____D () C:\Users\smoking 
caterpillar\AppData\Roaming\Mipony
2015-05-25 00:44 - 2014-12-06 15:01 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Captcha_Brotherhood
2015-05-23 18:22 - 2012-11-27 03:58 - 00000000 ____D () C:\Users\smoking caterpillar\.gimp-2.8
2015-05-23 17:53 - 2014-02-21 21:07 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\gtk-2.0
2015-05-20 16:08 - 2012-10-02 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-20 06:40 - 2012-10-06 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-17 14:30 - 2015-03-22 03:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 23:46 - 2012-12-10 19:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 11:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 08:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 08:53 - 2009-07-14 06:45 - 00389040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:37 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:34 - 2013-06-24 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-13 03:34 - 2013-06-21 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:33 - 2012-10-04 00:03 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:33 - 2012-10-04 00:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:28 - 2013-07-24 08:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:21 - 2012-10-02 17:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:07 - 2014-04-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-09 21:42 - 2013-11-04 17:53 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Aquamarin Haushaltsbuch
2015-05-08 15:56 - 2014-10-11 12:18 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-02 22:33 - 2013-06-21 13:49 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2014-02-28 17:55 - 2014-12-07 13:05 - 0023978 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Notepad2.ini
2015-03-22 03:23 - 2015-03-22 03:23 - 0000043 _____ () C:\Users\smoking caterpillar\AppData\Roaming\WB.CFG
2012-10-02 00:32 - 2012-10-02 00:32 - 0003584 _____ () C:\Users\smoking caterpillar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-07 23:44 - 2013-10-07 23:44 - 0001480 _____ () C:\Users\smoking caterpillar\AppData\Local\RecConfig.xml
2015-05-23 17:56 - 2015-05-23 17:56 - 0002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel
2013-10-05 22:14 - 2013-10-05 22:14 - 0007605 _____ () C:\Users\smoking caterpillar\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\smoking caterpillar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbkja5g.dll
C:\Users\smoking caterpillar\AppData\Local\Temp\install_flashplayer17x32au_ltr5x64d_awc_aih.exe
C:\Users\smoking caterpillar\AppData\Local\Temp\jre-8u45-windows-au.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-24 03:38

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by smoking caterpillar at 2015-05-30 15:16:49
Running from C:\Users\smoking caterpillar\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3093878258-50056534-2936666279-500 - Administrator - Disabled)
Gast (S-1-5-21-3093878258-50056534-2936666279-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3093878258-50056534-2936666279-1005 - Limited - Enabled)
smoking caterpillar (S-1-5-21-3093878258-50056534-2936666279-1000 - Administrator - Enabled) => C:\Users\smoking caterpillar

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Box Sync (HKLM\...\{EEB8F356-B3D4-4FB6-815D-DBADA7E71E4F}) (Version: 4.0.3234.0 - Box, Inc.)
Captcha Brotherhood (HKLM-x32\...\{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}) (Version: 1.2.0 - Brotherhood Software)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
FileZilla Client 3.10.0 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Codec Pack 10.8.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiPony 2.2.3 (HKLM-x32\...\MiPony) (Version: 2.2.3 - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25 - Florian Balmer)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

27-05-2015 02:35:46 Geplanter Prüfpunkt
27-05-2015 14:16:28 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-12-10 15:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0311A0CE-5DEB-42E9-8FFD-77FA09F39190} - System32\Tasks\{57DE9D6B-0882-4BD7-ABA2-F81A351032B2} => pcalua.exe -a "C:\Users\smoking caterpillar\Desktop\httpq_v3.0_win_installer.exe" -d "C:\Users\smoking caterpillar\Desktop"
Task: {0D0F74DE-8245-42C0-A928-734AF66C6BAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4480DF2B-BE9E-4265-A8F6-B8D0B6463F54} - System32\Tasks\{A2413FBC-F606-442B-A65E-CEB5513CFAE8} => pcalua.exe -a "C:\Users\smoking caterpillar\Desktop\DeepBurner19.exe" -d "C:\Users\smoking caterpillar\Desktop"
Task: {6D63B34F-A3EC-49AE-A775-1DA1478703B1} - System32\Tasks\{BF1FC3AF-DB5D-4852-976C-261341060581} => pcalua.exe -a "C:\Users\smoking caterpillar\Desktop\Install_ICQ6.exe" -d "C:\Users\smoking caterpillar\Desktop"
Task: {7FA54300-76BF-4D55-BFE8-CC77F2ABC8F6} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {9773D4EB-C093-49EE-8EA0-B92FA58910CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {BB96A6BA-9DA6-45A5-A3D8-10449F0F449A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D4FACB97-30F5-4E16-9843-07E9D7E705FF} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-06] ()
Task: {DAD3D603-9F91-45DE-A964-3BE34A3FE9BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E536B87C-E6DD-4174-A34C-774BC2C65C2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {FC9D033E-8999-4D68-A0AF-6B55808F5B0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-26 14:40 - 2013-09-26 14:40 - 00080896 _____ () C:\Program Files\Box\Box Sync\SystemWrapper.dll
2014-12-08 12:10 - 2014-12-08 12:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-04-10 10:40 - 2011-04-10 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-10 19:58 - 2013-03-10 19:58 - 02598496 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\PROGRAM FILES (X86)\DIVX\DIVX UPDATE\DIVXUPDATE.EXE
2012-05-16 21:01 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2013-03-10 19:59 - 2013-03-10 19:59 - 00215648 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 15:22 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2015-05-30 14:33 - 2015-05-30 14:33 - 00043008 _____ () c:\Users\smoking caterpillar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbkja5g.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00010240 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00726016 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00010240 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00064512 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2015-05-30 14:33 - 2015-05-30 14:33 - 00010752 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\auth.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00069120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\burnlib.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00013824 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\dsp_sps.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00006656 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_fhgaac.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_flac.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00005632 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_lame.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_vorbis.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_wav.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00006144 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\enc_wma.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00023552 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_classicart.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00007168 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_crasher.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00023040 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_ff.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_find_on_disk.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00011776 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_hotkeys.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00041984 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_jumpex.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00041984 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_jumpex_original.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00021504 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_ml.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00009728 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_nopro.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00007168 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_orgler.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00014848 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_play_remove.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00011776 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_skinmanager.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00010240 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_timerestore.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00008192 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_tray.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00010752 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\gen_undo.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_avi.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00014336 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_cdda.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00006656 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_dshow.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00005632 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_flac.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_flv.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_linein.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00020480 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_midi.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00004608 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_mkv.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00018944 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_mod.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00023040 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_mp3.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_mp4.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00011776 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_nsv.lng
2015-05-30 14:33 - 2015-05-30 14:33 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_swf.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00011264 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_vorbis.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00006656 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_wav.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00005632 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_wave.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00015360 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_wm.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004608 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\in_wv.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_addons.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00006656 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_autotag.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_bookmarks.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00008704 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_devices.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00047616 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_disc.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00009728 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_downloads.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004608 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_enqplay.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00008704 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_history.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_impex.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00056320 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_local.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_nowplaying.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00014336 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_online.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_orb.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00012800 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_playlists.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00034816 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_plg.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00047104 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_pmp.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00005120 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_rg.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00008192 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_transcode.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00014848 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ml_wire.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00036352 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\ombrowser.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00006144 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\out_disk.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00016384 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\out_ds.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00007680 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\out_wave.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00003072 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\playlist.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004608 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_activesync.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00020480 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_android.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00036864 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_ipod.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00003584 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_njb.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_p4s.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00011776 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_usb.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00039424 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\pmp_wifi.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00006144 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\tagz.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00088064 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\vis_avs.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00156160 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\vis_milk2.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00007680 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\vis_nsfs.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00206336 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\winamp.lng
2015-05-30 14:34 - 2015-05-30 14:34 - 00004096 _____ () C:\Users\smoking caterpillar\AppData\Local\Temp\WLZ2B05.tmp\winampa.lng
2012-06-20 18:14 - 2012-10-02 19:02 - 00023552 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00087552 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00091136 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2012-06-20 18:14 - 2012-10-02 19:02 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00164864 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00290816 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00340992 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2012-06-20 18:14 - 2012-10-02 19:02 - 00028160 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2004-04-26 00:09 - 2004-04-26 00:09 - 00372736 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_httpq.dll
2011-11-11 00:10 - 2012-10-02 19:02 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00318976 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00294912 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00084480 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00201728 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00240640 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00113664 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00032256 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2012-06-20 18:14 - 2012-10-02 19:02 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
2013-01-16 14:55 - 2015-04-20 02:00 - 00738784 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2013-01-16 14:55 - 2015-04-20 02:00 - 00034784 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2013-01-16 14:55 - 2015-04-20 02:00 - 00353248 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2013-01-16 14:55 - 2015-04-20 02:00 - 00128992 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2013-01-16 14:55 - 2015-04-20 01:59 - 00304608 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2015-04-22 16:16 - 2015-04-20 02:00 - 00184800 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2013-01-16 14:55 - 2015-04-20 01:59 - 00113120 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2013-01-16 14:55 - 2015-04-20 01:59 - 02288608 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2015-04-22 16:16 - 2015-04-20 02:00 - 00051680 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-04-18 19:40 - 2015-04-18 19:40 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0A8E2C33
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\secunia.com -> hxxps://secunia.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\1-domains-registrations.com -> 
1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\1001movie.com -> 1001movie.com There are 6088 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3093878258-50056534-2936666279-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: DMAgent => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: Secunia PSI Agent => 2 MSCONFIG\Services: Secunia Update Agent => 2 MSCONFIG\Services: WiMAXAppSrv => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash MSCONFIG\startupreg: Ocs_SM => C:\Users\smoking caterpillar\AppData\Roaming\OCS\SM\SearchAnonymizer.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe MSCONFIG\startupreg: Spotify => "C:\Users\smoking caterpillar\AppData\Roaming\Spotify\spotify.exe" 
/uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\smoking caterpillar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SynAsusAcpi => %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{3C5F7CDE-0BF6-452B-B559-E96BDB2FB379}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe FirewallRules: [{ED0CD68E-F281-4125-A5DF-CA96A21B8AEB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe FirewallRules: [{F377B8F7-FF69-4C85-9626-33AB10AEF8DC}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe FirewallRules: [{3A973FE1-5BF8-4705-8504-C8881D1166A0}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe FirewallRules: [TCP Query User{F33B5FD2-71FA-4600-8445-0A864817ABFE}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{1571C7F1-98A0-4EAD-8BFA-D15B7326ACEC}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{3778583D-C91A-4519-B38A-5C50C6E6DB0B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{13B16981-6D5E-46C6-9414-E1597D1DB1EB}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe FirewallRules: [{F4EFD91C-EBA0-4603-A01F-658963A3A111}] => (Allow) C:\Program Files (x86)\ICQ7M\ICQ.exe FirewallRules: [TCP Query User{7DB69B7E-C5A0-4481-B388-E37FD63EA969}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{9A50D58F-0212-4280-A593-3E64C70E927A}C:\program files 
(x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{BDFD8E04-BBC2-451A-AAA2-66B55FE8F4CB}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{3E8C0259-9F0C-4A14-9C5E-447565DEDD73}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{8A7361E0-2A8E-4004-818F-7ACB6B279B94}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe FirewallRules: [{F2073049-1BD5-4B8B-B181-8E164D1FD752}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe FirewallRules: [{31A8DF2E-B654-49B6-9AD0-2B5FFA9C1F16}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe FirewallRules: [{D0F9379C-87E2-4E9E-98DF-4ADD6A09095B}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe FirewallRules: [TCP Query User{F8C39154-DC4B-4431-95B2-88ADD36B8F22}C:\program files (x86)\jdownloader 2\jdownloader 2.exe] => (Allow) C:\program files (x86)\jdownloader 2\jdownloader 2.exe FirewallRules: [UDP Query User{976E6DB3-FA94-4CBE-92A8-281A13A3C90F}C:\program files (x86)\jdownloader 2\jdownloader 2.exe] => (Allow) C:\program files (x86)\jdownloader 2\jdownloader 2.exe FirewallRules: [TCP Query User{43AE14EE-AA38-415D-953C-CCC4A78E60D9}C:\users\smoking caterpillar\desktop\candisoft_load__0.7.2\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe] => (Allow) C:\users\smoking caterpillar\desktop\candisoft_load__0.7.2\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe FirewallRules: [UDP Query User{DBC6A752-681A-4DFA-86D9-D657221F85CD}C:\users\smoking caterpillar\desktop\candisoft_load__0.7.2\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe] => (Allow) C:\users\smoking caterpillar\desktop\candisoft_load__0.7.2\candisoft_load!_0.7.2\candisoft_load!_0.7.2\load.exe FirewallRules: [TCP Query User{C2C4D137-D1E0-45FB-A62C-03C1D5A49A23}C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsrv.exe] => (Allow) C:\users\smoking 
caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsrv.exe FirewallRules: [UDP Query User{5124CD94-A20A-41DA-AA08-1C26D059FD55}C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsrv.exe] => (Allow) C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsrv.exe FirewallRules: [TCP Query User{CAE872C6-B946-49C2-90D0-4808A4DC7E88}C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsuck.exe] => (Allow) C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsuck.exe FirewallRules: [UDP Query User{522C08C0-0835-4ED5-A360-40854D5021BE}C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsuck.exe] => (Allow) C:\users\smoking caterpillar\desktop\rtmpexplorer2\rtmpexplorer2\rtmpsuck.exe FirewallRules: [TCP Query User{8F1461A0-F056-4BE4-BF8A-CAD77D85ED81}C:\users\smoking caterpillar\desktop\office\office64\office64\microsoft.office.professional.plus.2013.volume.license.x64.kmsmicro.v3.10.german-mcu\kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe] => (Allow) C:\users\smoking caterpillar\desktop\office\office64\office64\microsoft.office.professional.plus.2013.volume.license.x64.kmsmicro.v3.10.german-mcu\kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe FirewallRules: [UDP Query User{6DA8183D-290D-4128-BBF2-244533346FF5}C:\users\smoking caterpillar\desktop\office\office64\office64\microsoft.office.professional.plus.2013.volume.license.x64.kmsmicro.v3.10.german-mcu\kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe] => (Allow) C:\users\smoking caterpillar\desktop\office\office64\office64\microsoft.office.professional.plus.2013.volume.license.x64.kmsmicro.v3.10.german-mcu\kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe FirewallRules: [{4B9A0515-9B15-408A-A838-EDE247044266}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{9DA1ABBD-C689-4E41-9180-F559018EDF98}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{D4050F6A-B239-43F3-9C1D-637F55B46A3F}] => (Allow) 
C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{0AAFBF66-F341-4192-BAFF-D15CFA5AE88B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{D80B6665-5D95-4F6D-9EB3-E122D2123E59}C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{1E176D0A-880A-4C2F-8341-565F2857591E}C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe FirewallRules: [{F7C46FA3-E72E-489C-8166-321A25B8D17B}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe FirewallRules: [TCP Query User{8AD58572-D2A0-4FC0-9719-81215409B842}C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{3AF580CC-7E10-4459-ACF7-DF5847E84413}C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\smoking caterpillar\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{5AA2F6F5-765F-4E6E-BA2C-B69478A470D6}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{AA553062-DFBC-4FB8-82F4-A762D8A2225B}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{55D11AFC-710A-4937-833D-9354BFD6D045}C:\users\smoking caterpillar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{C0462DDF-DD4B-4922-8EEA-C96E74743953}C:\users\smoking caterpillar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{236CC93D-C9A0-4EB2-8A2F-713940BC2D37}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe 
FirewallRules: [{F5E7A86C-B841-4FC2-9FB2-FC4CA8E994D2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{DDC9FE58-B159-474C-94D8-A25F63648F3C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E117C392-9482-4C22-9F83-EC529D0DD482}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{074D7FC5-B419-4153-B28B-CD130662B2C6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{444A5458-11AD-4902-BC05-139660519445}] => (Allow) LPort=2869 FirewallRules: [{174B014D-B56F-40B9-A420-EE89496B16D9}] => (Allow) LPort=1900 FirewallRules: [{5E5E5BBC-F27A-4C89-A9D2-3A5B47B6DFA9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{7CBBC330-6E60-43B0-9AD7-7C337940901B}C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe FirewallRules: [UDP Query User{E3207F35-AC55-4E8C-885F-8F17EAA33D21}C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe FirewallRules: [TCP Query User{E12707AF-EB9C-46E1-972F-CF046FBEF3C9}C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\smoking 
caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe FirewallRules: [UDP Query User{30600CB9-FE30-4630-AA07-5EBFAE58C51B}C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\mozilla\firefox\profiles\smf00mp5.default\extensions\jid1-4p0kohsjxu1qgg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe FirewallRules: [{95FEAB33-36C5-4163-BB9C-6B2FFDDA898D}] => (Allow) C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{41CB992D-616F-4C65-BB3A-AD85726305FE}] => (Allow) C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{7727E00F-212D-45F9-87ED-1938925F83D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{ACC6BC00-DA18-468F-8488-DE5E58AC24F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{7E2D7CAF-DDF0-4C23-9D00-4AB8CD518330}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E04C6467-E6B9-4685-9EE7-58A922134570}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{72627C23-02EF-47A7-8231-BCAB4A07B94B}C:\users\smoking caterpillar\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{6A9FDE97-E126-4D89-81B9-04FAEA69DC47}C:\users\smoking caterpillar\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\smoking caterpillar\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{283B11D4-6737-4647-8B22-16A32867BF53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9F144C31-1407-424F-B445-090879431234}] => (Allow) 
C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{CEA84FCA-0299-4CB4-86FC-FBA756B97170}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{CB908B9E-50C5-4C18-9338-A8F46FD583F9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/30/2015 02:34:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2015 00:47:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2015 07:36:16 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (05/30/2015 07:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2015 00:15:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (05/30/2015 00:15:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/29/2015 10:46:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2015 09:44:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2015 04:16:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2015 07:51:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 System errors: ============= Error: (05/30/2015 02:33:05 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 30.05.2015 um 14:31:39 unerwartet heruntergefahren. Error: (05/30/2015 02:31:39 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 30.05.2015 um 14:30:38 unerwartet heruntergefahren. 
Error: (05/30/2015 00:56:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (05/30/2015 00:55:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (05/30/2015 00:46:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (05/30/2015 00:46:49 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Grund: %%892 Error: (05/29/2015 10:44:41 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.05.2015 um 22:43:12 unerwartet heruntergefahren. Error: (05/29/2015 09:42:25 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.05.2015 um 21:39:23 unerwartet heruntergefahren. Error: (05/28/2015 11:59:35 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 28.05.2015 um 23:58:01 unerwartet heruntergefahren. Error: (05/27/2015 03:08:21 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 27.05.2015 um 15:06:44 unerwartet heruntergefahren. 
Microsoft Office: ========================= Error: (05/30/2015 02:34:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2015 00:47:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2015 07:36:16 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (05/30/2015 07:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2015 00:15:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\Last.fm\ext_skypenotify.dll Error: (05/30/2015 00:15:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\Last.fm\ext_messengernotify.dll Error: (05/29/2015 10:46:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2015 09:44:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2015 04:16:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2015 07:51:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 CodeIntegrity Errors: =================================== Date: 2014-12-10 14:26:41.191 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-12-10 14:26:41.151 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz Percentage of memory in use: 61% Total physical RAM: 4000.13 MB Available physical RAM: 1523.19 MB Total Pagefile: 7998.44 MB Available Pagefile: 5897.75 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.24 GB) (Free:23.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (layby) (Fixed) (Total:153.85 GB) (Free:153.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 496B9619) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS) ==================== End of log ============================ |
31.05.2015, 05:56 | #4 |
/// the machine /// TB Trainer | I think my computer is infected. hi, Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
31.05.2015, 08:40 | #5 |
| I think my computer is infected. Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.05.30.06
rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
smoking caterpillar :: SMOKINGCATERPIL [administrator]

31.05.2015 08:50:16
mbar-log-2015-05-31 (08-50-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 423724
Time elapsed: 40 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
09:36:29.0476 0x02f8 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
09:37:02.0738 0x02f8 ============================================================
09:37:02.0738 0x02f8 Current date / time: 2015/05/31 09:37:02.0738
09:37:02.0738 0x02f8 SystemInfo:
09:37:02.0738 0x02f8
09:37:02.0738 0x02f8 OS Version: 6.1.7601 ServicePack: 1.0
09:37:02.0738 0x02f8 Product type: Workstation
09:37:02.0738 0x02f8 ComputerName: SMOKINGCATERPIL
09:37:02.0739 0x02f8 UserName: smoking caterpillar
09:37:02.0739 0x02f8 Windows directory: C:\Windows
09:37:02.0739 0x02f8 System windows directory: C:\Windows
09:37:02.0739 0x02f8 Running under WOW64
09:37:02.0739 0x02f8 Processor architecture: Intel x64
09:37:02.0739 0x02f8 Number of processors: 4
09:37:02.0739 0x02f8 Page size: 0x1000
09:37:02.0739 0x02f8 Boot type: Normal boot
09:37:02.0739 0x02f8 ============================================================
09:37:03.0722 0x02f8 KLMD registered as C:\Windows\system32\drivers\25696244.sys
09:37:04.0267 0x02f8 System UUID: {5846AD24-FAA6-4647-2747-3BDE21C9250C}
09:37:06.0364 0x02f8 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:37:06.0399 0x02f8 ============================================================
09:37:06.0399 0x02f8 \Device\Harddisk0\DR0:
09:37:06.0399 0x02f8 MBR partitions:
09:37:06.0399 0x02f8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xEE79000
09:37:06.0399 0x02f8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12079800, BlocksNum 0x133B4800
09:37:06.0399 0x02f8 ============================================================
09:37:06.0446 0x02f8 C: <-> \Device\Harddisk0\DR0\Partition1
09:37:06.0505 0x02f8 D: <-> \Device\Harddisk0\DR0\Partition2
09:37:06.0619 0x02f8 ============================================================
09:37:06.0619 0x02f8 Initialize success
09:37:06.0619 0x02f8
============================================================
09:38:03.0993 0x0afc ============================================================
09:38:03.0993 0x0afc Scan started
09:38:03.0993 0x0afc Mode: Manual; SigCheck; TDLFS;
09:38:03.0993 0x0afc ============================================================
09:38:03.0993 0x0afc KSN ping started
09:38:06.0924 0x0afc KSN ping finished: true
09:38:07.0575 0x0afc ================ Scan system memory ========================
09:38:07.0575 0x0afc System memory - ok
09:38:07.0576 0x0afc ================ Scan services =============================
asmtxhci - ok 09:38:10.0468 0x0afc [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 09:38:10.0497 0x0afc aspnet_state - ok 09:38:10.0547 0x0afc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 09:38:10.0605 0x0afc AsyncMac - ok 09:38:10.0659 0x0afc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 09:38:10.0670 0x0afc atapi - ok 09:38:10.0825 0x0afc [ A5E770426D18F8EF332A593F3289DA91, 87AC97758618765814B630CB1A189CD690DC6B0EAAE93D80EDE7771FB362C9AF ] athr C:\Windows\system32\DRIVERS\athrx.sys 09:38:11.0018 0x0afc athr - ok 09:38:11.0085 0x0afc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 09:38:11.0133 0x0afc AudioEndpointBuilder - ok 09:38:11.0174 0x0afc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 09:38:11.0202 0x0afc AudioSrv - ok 09:38:11.0249 0x0afc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 09:38:11.0332 0x0afc AxInstSV - ok 09:38:11.0375 0x0afc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 09:38:11.0443 0x0afc b06bdrv - ok 09:38:11.0480 0x0afc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 09:38:11.0503 0x0afc b57nd60a - ok 09:38:11.0550 0x0afc [ FDE360167101B4E45A96F939F388AEB0, 
8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 09:38:11.0600 0x0afc BDESVC - ok 09:38:11.0628 0x0afc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 09:38:11.0690 0x0afc Beep - ok 09:38:11.0755 0x0afc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 09:38:11.0830 0x0afc BFE - ok 09:38:11.0889 0x0afc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 09:38:12.0123 0x0afc BITS - ok 09:38:12.0157 0x0afc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 09:38:12.0194 0x0afc blbdrive - ok 09:38:12.0259 0x0afc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 09:38:12.0309 0x0afc bowser - ok 09:38:12.0416 0x0afc [ 9E3CBFDFB9F9667519060223167A232C, C5E18338084DA0F48283FA46239C5C7E3F09FA8F93A8E19DE2C92B44370A75A2 ] BoxSyncUpdateService C:\Program Files\Box\Box Sync\SyncUpdaterService.exe 09:38:12.0438 0x0afc BoxSyncUpdateService - detected UnsignedFile.Multi.Generic ( 1 ) 09:38:15.0160 0x0afc BoxSyncUpdateService ( UnsignedFile.Multi.Generic ) - warning 09:38:17.0950 0x0afc [ 56E4345F392F17D66683225E214840CB, 76B30C48BBF06B8A52F9E4502D10A776930C4F509C5493A63A846FD706DB41DB ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys 09:38:18.0000 0x0afc bpenum - ok 09:38:18.0027 0x0afc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 09:38:18.0071 0x0afc BrFiltLo - ok 09:38:18.0093 0x0afc [ B114D3098E9BDB8BEA8B053685831BE6, 
0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 09:38:18.0136 0x0afc BrFiltUp - ok 09:38:18.0201 0x0afc [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 09:38:18.0241 0x0afc BridgeMP - ok 09:38:18.0306 0x0afc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 09:38:18.0364 0x0afc Browser - ok 09:38:18.0403 0x0afc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 09:38:18.0461 0x0afc Brserid - ok 09:38:18.0475 0x0afc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 09:38:18.0509 0x0afc BrSerWdm - ok 09:38:18.0540 0x0afc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 09:38:18.0573 0x0afc BrUsbMdm - ok 09:38:18.0592 0x0afc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 09:38:18.0609 0x0afc BrUsbSer - ok 09:38:18.0623 0x0afc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 09:38:18.0662 0x0afc BTHMODEM - ok 09:38:18.0696 0x0afc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 09:38:18.0754 0x0afc bthserv - ok 09:38:18.0785 0x0afc catchme - ok 09:38:18.0859 0x0afc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 
09:38:18.0921 0x0afc cdfs - ok 09:38:18.0967 0x0afc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 09:38:19.0004 0x0afc cdrom - ok 09:38:19.0039 0x0afc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 09:38:19.0102 0x0afc CertPropSvc - ok 09:38:19.0138 0x0afc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 09:38:19.0173 0x0afc circlass - ok 09:38:19.0266 0x0afc [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 09:38:19.0299 0x0afc CLFS - ok 09:38:19.0362 0x0afc [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:38:19.0373 0x0afc clr_optimization_v2.0.50727_32 - ok 09:38:19.0456 0x0afc [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:38:19.0468 0x0afc clr_optimization_v2.0.50727_64 - ok 09:38:19.0561 0x0afc [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:38:19.0578 0x0afc clr_optimization_v4.0.30319_32 - ok 09:38:19.0592 0x0afc [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:38:19.0619 0x0afc clr_optimization_v4.0.30319_64 - ok 09:38:19.0664 0x0afc [ 0840155D0BDDF1190F84A663C284BD33, 
696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 09:38:19.0694 0x0afc CmBatt - ok 09:38:19.0727 0x0afc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 09:38:19.0740 0x0afc cmdide - ok 09:38:19.0803 0x0afc [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 09:38:19.0857 0x0afc CNG - ok 09:38:19.0891 0x0afc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 09:38:19.0902 0x0afc Compbatt - ok 09:38:19.0922 0x0afc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 09:38:19.0958 0x0afc CompositeBus - ok 09:38:19.0961 0x0afc COMSysApp - ok 09:38:20.0037 0x0afc [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 09:38:20.0058 0x0afc cphs - ok 09:38:20.0069 0x0afc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 09:38:20.0080 0x0afc crcdisk - ok 09:38:20.0132 0x0afc [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:38:20.0188 0x0afc CryptSvc - ok 09:38:20.0236 0x0afc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:38:20.0328 0x0afc DcomLaunch - ok 09:38:20.0377 0x0afc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 09:38:20.0441 
0x0afc defragsvc - ok 09:38:20.0501 0x0afc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:38:20.0539 0x0afc DfsC - ok 09:38:20.0571 0x0afc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 09:38:20.0634 0x0afc Dhcp - ok 09:38:20.0646 0x0afc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 09:38:20.0705 0x0afc discache - ok 09:38:20.0771 0x0afc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 09:38:20.0785 0x0afc Disk - ok 09:38:20.0845 0x0afc [ E7B489FA5B15D2FEC3E52066E015B788, 0EFE49506FCF85ACD3DFC9AC0D3F5E4EE24AA14676027F62EC4798B1687C2249 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe 09:38:20.0903 0x0afc DMAgent - detected UnsignedFile.Multi.Generic ( 1 ) 09:38:23.0546 0x0afc Detect skipped due to KSN trusted 09:38:23.0546 0x0afc DMAgent - ok 09:38:23.0650 0x0afc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:38:23.0707 0x0afc Dnscache - ok 09:38:23.0742 0x0afc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 09:38:23.0805 0x0afc dot3svc - ok 09:38:23.0832 0x0afc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 09:38:23.0885 0x0afc DPS - ok 09:38:23.0918 0x0afc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:38:23.0962 0x0afc drmkaud - ok 09:38:24.0058 0x0afc [ 
87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:38:24.0116 0x0afc DXGKrnl - ok 09:38:24.0149 0x0afc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 09:38:24.0187 0x0afc EapHost - ok 09:38:24.0335 0x0afc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 09:38:24.0495 0x0afc ebdrv - ok 09:38:24.0536 0x0afc [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] EFS C:\Windows\System32\lsass.exe 09:38:24.0594 0x0afc EFS - ok 09:38:24.0673 0x0afc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:38:24.0759 0x0afc ehRecvr - ok 09:38:24.0771 0x0afc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 09:38:24.0815 0x0afc ehSched - ok 09:38:24.0873 0x0afc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 09:38:24.0919 0x0afc elxstor - ok 09:38:24.0933 0x0afc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:38:24.0966 0x0afc ErrDev - ok 09:38:25.0030 0x0afc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 09:38:25.0107 0x0afc EventSystem - ok 09:38:25.0132 0x0afc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 09:38:25.0191 0x0afc exfat - ok 09:38:25.0215 0x0afc [ 
0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:38:25.0274 0x0afc fastfat - ok 09:38:25.0339 0x0afc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 09:38:25.0395 0x0afc Fax - ok 09:38:25.0423 0x0afc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 09:38:25.0458 0x0afc fdc - ok 09:38:25.0483 0x0afc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 09:38:25.0538 0x0afc fdPHost - ok 09:38:25.0578 0x0afc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 09:38:25.0632 0x0afc FDResPub - ok 09:38:25.0673 0x0afc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:38:25.0686 0x0afc FileInfo - ok 09:38:25.0706 0x0afc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:38:25.0759 0x0afc Filetrace - ok 09:38:25.0785 0x0afc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 09:38:25.0812 0x0afc flpydisk - ok 09:38:25.0846 0x0afc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:38:25.0866 0x0afc FltMgr - ok 09:38:25.0957 0x0afc [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 09:38:26.0097 0x0afc FontCache - 
ok 09:38:26.0143 0x0afc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:38:26.0153 0x0afc FontCache3.0.0.0 - ok 09:38:26.0168 0x0afc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:38:26.0180 0x0afc FsDepends - ok 09:38:26.0213 0x0afc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:38:26.0224 0x0afc Fs_Rec - ok 09:38:26.0281 0x0afc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:38:26.0302 0x0afc fvevol - ok 09:38:26.0326 0x0afc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 09:38:26.0339 0x0afc gagp30kx - ok 09:38:26.0392 0x0afc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 09:38:26.0485 0x0afc gpsvc - ok 09:38:26.0510 0x0afc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:38:26.0561 0x0afc hcw85cir - ok 09:38:26.0606 0x0afc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:38:26.0664 0x0afc HdAudAddService - ok 09:38:26.0706 0x0afc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 09:38:26.0724 0x0afc HDAudBus - ok 09:38:26.0743 0x0afc [ 78E86380454A7B10A5EB255DC44A355F, 
11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 09:38:26.0778 0x0afc HidBatt - ok 09:38:26.0812 0x0afc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 09:38:26.0847 0x0afc HidBth - ok 09:38:26.0869 0x0afc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 09:38:26.0903 0x0afc HidIr - ok 09:38:26.0943 0x0afc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 09:38:26.0980 0x0afc hidserv - ok 09:38:27.0012 0x0afc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:38:27.0038 0x0afc HidUsb - ok 09:38:27.0067 0x0afc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:38:27.0126 0x0afc hkmsvc - ok 09:38:27.0161 0x0afc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:38:27.0222 0x0afc HomeGroupListener - ok 09:38:27.0262 0x0afc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:38:27.0301 0x0afc HomeGroupProvider - ok 09:38:27.0331 0x0afc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:38:27.0345 0x0afc HpSAMD - ok 09:38:27.0410 0x0afc [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:38:27.0560 0x0afc HTTP - ok 09:38:27.0578 
0x0afc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:38:27.0589 0x0afc hwpolicy - ok 09:38:27.0614 0x0afc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 09:38:27.0629 0x0afc i8042prt - ok 09:38:27.0684 0x0afc [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 09:38:27.0704 0x0afc iaStor - ok 09:38:27.0761 0x0afc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:38:27.0797 0x0afc iaStorV - ok 09:38:27.0868 0x0afc [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:38:27.0925 0x0afc idsvc - ok 09:38:27.0966 0x0afc IEEtwCollectorService - ok 09:38:28.0197 0x0afc [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 09:38:28.0537 0x0afc igfx - ok 09:38:28.0578 0x0afc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 09:38:28.0590 0x0afc iirsp - ok 09:38:28.0659 0x0afc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 09:38:28.0718 0x0afc IKEEXT - ok 09:38:28.0853 0x0afc [ CB7DADEF3D83FE2C12655A0BDCBA99F2, AD55A578986F008ED01635D3BB26414D71F418640099BFA92D9CABAB6A88E01D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 09:38:28.0998 0x0afc IntcAzAudAddService - ok 09:38:29.0051 0x0afc [ FC727061C0F47C8059E88E05D5C8E381, 
C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 09:38:29.0066 0x0afc IntcDAud - detected UnsignedFile.Multi.Generic ( 1 ) 09:38:31.0701 0x0afc Detect skipped due to KSN trusted 09:38:31.0701 0x0afc IntcDAud - ok 09:38:31.0773 0x0afc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 09:38:31.0785 0x0afc intelide - ok 09:38:31.0809 0x0afc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:38:31.0824 0x0afc intelppm - ok 09:38:31.0916 0x0afc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:38:31.0976 0x0afc IPBusEnum - ok 09:38:31.0992 0x0afc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:38:32.0074 0x0afc IpFilterDriver - ok 09:38:32.0155 0x0afc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:38:32.0235 0x0afc iphlpsvc - ok 09:38:32.0250 0x0afc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:38:32.0291 0x0afc IPMIDRV - ok 09:38:32.0354 0x0afc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:38:32.0406 0x0afc IPNAT - ok 09:38:32.0426 0x0afc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:38:32.0456 0x0afc IRENUM - ok 09:38:32.0478 0x0afc [ 2F7B28DC3E1183E5EB418DF55C204F38, 
D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:38:32.0491 0x0afc isapnp - ok 09:38:32.0536 0x0afc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:38:32.0557 0x0afc iScsiPrt - ok 09:38:32.0584 0x0afc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:38:32.0596 0x0afc kbdclass - ok 09:38:32.0605 0x0afc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:38:32.0618 0x0afc kbdhid - ok 09:38:32.0625 0x0afc [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] KeyIso C:\Windows\system32\lsass.exe 09:38:32.0636 0x0afc KeyIso - ok 09:38:32.0685 0x0afc [ C93EB3A92540830168F2057ECA7DE49A, 91DAEAD52B517E1E7CE9AAAE478493732156AA3122E6D16F7E8BD37116BB501C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:38:32.0700 0x0afc KSecDD - ok 09:38:32.0723 0x0afc [ 43F45C59A472993E5063F2DB2D22C509, E21B48733619B49272F46E01432D76072AC9241F55CDF08E84AF6277E3BF972A ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:38:32.0739 0x0afc KSecPkg - ok 09:38:32.0756 0x0afc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:38:32.0792 0x0afc ksthunk - ok 09:38:32.0825 0x0afc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 09:38:32.0897 0x0afc KtmRm - ok 09:38:32.0932 0x0afc [ A4A9CA24E54E81C6C3E469EAEB4B3F42, FB6B72BF973EC2EE2D81AAAF47B030C0A5E7E7B079DAB257C52FEFC3F222CDC8 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 09:38:32.0944 0x0afc L1C - ok 09:38:33.0001 0x0afc [ 
80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 09:38:49.0959 0x0afc usbcir - ok 09:38:50.0028 0x0afc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 09:38:50.0074 0x0afc usbehci - ok 09:38:50.0137 0x0afc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 09:38:50.0219 0x0afc usbhub - ok 09:38:50.0281 0x0afc [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 09:38:50.0367 0x0afc usbohci - ok 09:38:50.0411 0x0afc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 09:38:50.0463 0x0afc usbprint - ok 09:38:50.0506 0x0afc [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 09:38:50.0551 0x0afc usbscan - ok 09:38:50.0593 0x0afc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:38:50.0641 0x0afc USBSTOR - ok 09:38:50.0687 0x0afc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 09:38:50.0738 0x0afc usbuhci - ok 09:38:50.0806 0x0afc [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 09:38:50.0893 0x0afc usbvideo - ok 09:38:50.0930 0x0afc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 
09:38:51.0023 0x0afc UxSms - ok 09:38:51.0048 0x0afc [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] VaultSvc C:\Windows\system32\lsass.exe 09:38:51.0061 0x0afc VaultSvc - ok 09:38:51.0095 0x0afc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 09:38:51.0106 0x0afc vdrvroot - ok 09:38:51.0138 0x0afc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 09:38:51.0233 0x0afc vds - ok 09:38:51.0258 0x0afc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:38:51.0274 0x0afc vga - ok 09:38:51.0290 0x0afc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 09:38:51.0351 0x0afc VgaSave - ok 09:38:51.0379 0x0afc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 09:38:51.0399 0x0afc vhdmp - ok 09:38:51.0443 0x0afc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 09:38:51.0455 0x0afc viaide - ok 09:38:51.0480 0x0afc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:38:51.0492 0x0afc volmgr - ok 09:38:51.0516 0x0afc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:38:51.0549 0x0afc volmgrx - ok 09:38:51.0573 0x0afc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap 
C:\Windows\system32\drivers\volsnap.sys 09:38:51.0595 0x0afc volsnap - ok 09:38:51.0629 0x0afc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 09:38:51.0645 0x0afc vsmraid - ok 09:38:51.0727 0x0afc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 09:38:51.0834 0x0afc VSS - ok 09:38:51.0849 0x0afc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 09:38:51.0864 0x0afc vwifibus - ok 09:38:51.0878 0x0afc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 09:38:51.0896 0x0afc vwififlt - ok 09:38:51.0926 0x0afc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 09:38:51.0979 0x0afc W32Time - ok 09:38:52.0001 0x0afc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 09:38:52.0036 0x0afc WacomPen - ok 09:38:52.0057 0x0afc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 09:38:52.0115 0x0afc WANARP - ok 09:38:52.0120 0x0afc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 09:38:52.0155 0x0afc Wanarpv6 - ok 09:38:52.0241 0x0afc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 09:38:52.0365 0x0afc wbengine - ok 09:38:52.0389 0x0afc [ 3AA101E8EDAB2DB4131333F4325C76A3, 
4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 09:38:52.0415 0x0afc WbioSrvc - ok 09:38:52.0440 0x0afc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 09:38:52.0496 0x0afc wcncsvc - ok 09:38:52.0517 0x0afc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 09:38:52.0559 0x0afc WcsPlugInService - ok 09:38:52.0592 0x0afc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 09:38:52.0603 0x0afc Wd - ok 09:38:52.0667 0x0afc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 09:38:52.0717 0x0afc Wdf01000 - ok 09:38:52.0732 0x0afc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 09:38:52.0815 0x0afc WdiServiceHost - ok 09:38:52.0822 0x0afc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 09:38:52.0842 0x0afc WdiSystemHost - ok 09:38:52.0885 0x0afc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 09:38:52.0948 0x0afc WebClient - ok 09:38:52.0980 0x0afc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 09:38:53.0043 0x0afc Wecsvc - ok 09:38:53.0067 0x0afc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 09:38:53.0127 0x0afc wercplsupport - ok 
09:38:53.0152 0x0afc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 09:38:53.0191 0x0afc WerSvc - ok 09:38:53.0212 0x0afc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 09:38:53.0249 0x0afc WfpLwf - ok 09:38:53.0323 0x0afc [ 245EA6A2CFAE7B183EE9A14A4673B1F1, EED4B8FBB3B0802F64FE68018AA46F7326F851F26B05ABEAA40B59394B02C15F ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe 09:38:53.0389 0x0afc WiMAXAppSrv - detected UnsignedFile.Multi.Generic ( 1 ) 09:38:56.0131 0x0afc Detect skipped due to KSN trusted 09:38:56.0131 0x0afc WiMAXAppSrv - ok 09:38:56.0228 0x0afc [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 09:38:56.0245 0x0afc WimFltr - ok 09:38:56.0261 0x0afc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 09:38:56.0273 0x0afc WIMMount - ok 09:38:56.0303 0x0afc WinDefend - ok 09:38:56.0308 0x0afc WinHttpAutoProxySvc - ok 09:38:56.0384 0x0afc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 09:38:56.0448 0x0afc Winmgmt - ok 09:38:56.0553 0x0afc [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 09:38:56.0685 0x0afc WinRM - ok 09:38:56.0730 0x0afc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 09:38:56.0746 0x0afc WinUsb - ok 09:38:56.0797 0x0afc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc 
C:\Windows\System32\wlansvc.dll 09:38:56.0880 0x0afc Wlansvc - ok 09:38:57.0068 0x0afc [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:38:57.0138 0x0afc wlidsvc - ok 09:38:57.0148 0x0afc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 09:38:57.0160 0x0afc WmiAcpi - ok 09:38:57.0193 0x0afc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:38:57.0212 0x0afc wmiApSrv - ok 09:38:57.0231 0x0afc WMPNetworkSvc - ok 09:38:57.0251 0x0afc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 09:38:57.0275 0x0afc WPCSvc - ok 09:38:57.0294 0x0afc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:38:57.0331 0x0afc WPDBusEnum - ok 09:38:57.0367 0x0afc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:38:57.0419 0x0afc ws2ifsl - ok 09:38:57.0464 0x0afc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll 09:38:57.0506 0x0afc wscsvc - ok 09:38:57.0509 0x0afc WSearch - ok 09:38:57.0677 0x0afc [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll 09:38:57.0839 0x0afc wuauserv - ok 09:38:57.0881 0x0afc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 09:38:57.0933 0x0afc WudfPf - ok 
09:38:57.0965 0x0afc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:38:57.0983 0x0afc WUDFRd - ok 09:38:58.0026 0x0afc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 09:38:58.0041 0x0afc wudfsvc - ok 09:38:58.0094 0x0afc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 09:38:58.0148 0x0afc WwanSvc - ok 09:38:58.0160 0x0afc ================ Scan global =============================== 09:38:58.0208 0x0afc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 09:38:58.0253 0x0afc [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll 09:38:58.0269 0x0afc [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll 09:38:58.0305 0x0afc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 09:38:58.0356 0x0afc [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 09:38:58.0367 0x0afc [ Global ] - ok 09:38:58.0368 0x0afc ================ Scan MBR ================================== 09:38:58.0379 0x0afc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 09:38:58.0778 0x0afc \Device\Harddisk0\DR0 - ok 09:38:58.0778 0x0afc ================ Scan VBR ================================== 09:38:58.0780 0x0afc [ 381E67F1A4677E515FCDE0F677D8711E ] \Device\Harddisk0\DR0\Partition1 09:38:58.0782 0x0afc \Device\Harddisk0\DR0\Partition1 - ok 09:38:58.0806 0x0afc [ 6E74C47ED5DE82FB6561E758378B54FC ] 
\Device\Harddisk0\DR0\Partition2 09:38:58.0809 0x0afc \Device\Harddisk0\DR0\Partition2 - ok 09:38:58.0810 0x0afc ================ Scan generic autorun ====================== 09:38:58.0935 0x0afc [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] C:\Program Files\Microsoft Security Client\msseces.exe 09:38:58.0997 0x0afc MSC - ok 09:38:59.0021 0x0afc [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe 09:38:59.0035 0x0afc Logitech Download Assistant - ok 09:38:59.0073 0x0afc [ 28062B17191C9450BF6C6C3EF8C7EB27, 4859C5708DFD119021F7B7FFB38F0B316675E1E4D5D51A10D4265F712CF8CDB6 ] C:\Windows\system32\igfxtray.exe 09:38:59.0086 0x0afc IgfxTray - ok 09:38:59.0117 0x0afc [ 28FC280487F0BAAE5E8119257C4EEF8C, F574BC70B79B77912FC683B3EB0BE6929E7758284ED5B47008E18B0E4A4A09FD ] C:\Windows\system32\hkcmd.exe 09:38:59.0136 0x0afc HotKeysCmds - ok 09:38:59.0185 0x0afc [ F29BEA821C753E4F00177690F70CDC13, 0EDB40F4A4C23553C0288E6E3AD65E7B523F6764C87C6C36C3ECB0C1940C5176 ] C:\Windows\system32\igfxpers.exe 09:38:59.0206 0x0afc Persistence - ok 09:38:59.0318 0x0afc [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 09:38:59.0374 0x0afc Adobe ARM - ok 09:38:59.0517 0x0afc [ 1B7406B1EEF9924D589A7007C3733877, A11A823B6213A3AB6B4516662AE48D35E971E0C93D6A1C9D9CECF27F9D0B0523 ] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe 09:38:59.0596 0x0afc Rainlendar2 - ok 09:38:59.0684 0x0afc [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe 09:38:59.0761 0x0afc WinPatrol - ok 09:38:59.0763 0x0afc Waiting for KSN requests completion. In queue: 26 09:39:00.0763 0x0afc Waiting for KSN requests completion. 
In queue: 26 09:39:01.0763 0x0afc Waiting for KSN requests completion. In queue: 26 09:39:02.0962 0x0afc AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated ) 09:39:03.0003 0x0afc Win FW state via NFP2: enabled 09:39:05.0657 0x0afc ============================================================ 09:39:05.0657 0x0afc Scan finished 09:39:05.0657 0x0afc ============================================================ 09:39:05.0664 0x0a9c Detected object count: 1 09:39:05.0664 0x0a9c Actual detected object count: 1 09:39:18.0011 0x0a9c BoxSyncUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user 09:39:18.0011 0x0a9c BoxSyncUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
31.05.2015, 14:39 | #6 |
/// the machine /// TB trainer | I think my computer is infected. hi, Scan with Combofix |
31.05.2015, 16:03 | #7 |
| I think my computer is infected. Code:
ComboFix 15-05-28.01 - smoking caterpillar 31.05.2015 16:29:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4000.1954 [GMT 2:00]
ausgeführt von:: c:\users\smoking caterpillar\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_ml.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_nopro.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_orgler.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_play_remove.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_skinmanager.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_timerestore.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_tray.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\gen_undo.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_avi.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_cdda.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_dshow.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_flac.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_flv.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_linein.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_midi.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_mkv.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_mod.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_mp3.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_mp4.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_nsv.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_swf.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_vorbis.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_wav.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_wave.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_wm.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\in_wv.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_addons.lng c:\users\smoking 
caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_autotag.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_bookmarks.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_devices.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_disc.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_downloads.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_enqplay.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_history.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_impex.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_local.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_nowplaying.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_online.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_orb.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_playlists.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_plg.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_pmp.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_rg.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_transcode.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ml_wire.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\ombrowser.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\out_disk.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\out_ds.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\out_wave.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\playlist.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_activesync.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_android.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_ipod.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_njb.lng c:\users\smoking 
caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_p4s.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_usb.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\pmp_wifi.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\tagz.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\vis_avs.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\vis_milk2.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\vis_nsfs.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\winamp.lng c:\users\smoking caterpillar\AppData\Local\Temp\WLZ11D3.tmp\winampa.lng . . ((((((((((((((((((((((( Dateien erstellt von 2015-04-28 bis 2015-05-31 )))))))))))))))))))))))))))))) . . 2015-05-31 14:49 . 2015-05-31 14:49 -------- d-----w- c:\users\Public\AppData\Local\temp 2015-05-31 14:49 . 2015-05-31 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-05-31 14:49 . 2015-05-31 14:49 -------- d-----w- c:\users\Ich\AppData\Local\temp 2015-05-31 06:58 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46E370E7-D744-4459-98A3-0D795FEFC870}\mpengine.dll 2015-05-31 06:50 . 2015-05-31 07:33 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-05-30 13:14 . 2015-05-30 13:17 -------- d-----w- C:\FRST 2015-05-29 19:57 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-05-24 08:09 . 2015-03-26 18:36 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E059CAD5-D857-4CEB-93B2-5B54FE637F52}\gapaengine.dll 2015-05-24 07:51 . 2015-05-24 07:51 -------- d-----w- C:\found.001 2015-05-13 01:11 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 01:11 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 21:31 . 
2015-04-21 17:14 24971776 ----a-w- c:\windows\system32\mshtml.dll 2015-05-12 04:43 . 2015-05-12 04:43 -------- d-----w- C:\found.000 2015-05-01 18:10 . 2015-05-01 18:10 229608 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-05-31 06:50 . 2015-03-27 14:41 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-05-31 06:48 . 2015-03-27 14:40 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-05-31 06:44 . 2012-10-02 16:24 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-05-31 06:44 . 2012-10-02 16:24 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-05-13 01:21 . 2012-10-02 15:28 140425016 ----a-w- c:\windows\system32\MRT.exe 2015-04-19 08:23 . 2014-01-15 18:53 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2015-04-19 08:22 . 2014-10-20 15:19 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-03-26 18:36 . 2012-10-05 06:17 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-03-25 03:24 . 2015-04-15 14:37 3298816 ----a-w- c:\windows\system32\wucltux.dll 2015-03-25 03:24 . 2015-04-15 14:36 98304 ----a-w- c:\windows\system32\wudriver.dll 2015-03-25 03:24 . 2015-04-15 14:36 37376 ----a-w- c:\windows\system32\wups2.dll 2015-03-25 03:24 . 2015-04-15 14:36 35328 ----a-w- c:\windows\system32\wups.dll 2015-03-25 03:24 . 2015-04-15 14:36 2553856 ----a-w- c:\windows\system32\wuaueng.dll 2015-03-25 03:24 . 2015-04-15 14:36 191488 ----a-w- c:\windows\system32\wuwebv.dll 2015-03-25 03:24 . 2015-04-15 14:37 696320 ----a-w- c:\windows\system32\wuapi.dll 2015-03-25 03:24 . 2015-04-15 14:37 60416 ----a-w- c:\windows\system32\WinSetupUI.dll 2015-03-25 03:23 . 2015-04-15 14:36 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2015-03-25 03:23 . 
2015-04-15 14:37 36864 ----a-w- c:\windows\system32\wuapp.exe 2015-03-25 03:23 . 2015-04-15 14:37 135168 ----a-w- c:\windows\system32\wuauclt.exe 2015-03-25 03:00 . 2015-04-15 14:37 92672 ----a-w- c:\windows\SysWow64\wudriver.dll 2015-03-25 03:00 . 2015-04-15 14:37 29696 ----a-w- c:\windows\SysWow64\wups.dll 2015-03-25 03:00 . 2015-04-15 14:37 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll 2015-03-25 03:00 . 2015-04-15 14:37 566784 ----a-w- c:\windows\SysWow64\wuapi.dll 2015-03-25 03:00 . 2015-04-15 14:37 33792 ----a-w- c:\windows\SysWow64\wuapp.exe 2015-03-17 05:22 . 2015-04-15 14:36 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-03-17 05:19 . 2015-04-15 14:36 1727904 ----a-w- c:\windows\system32\ntdll.dll 2015-03-17 05:17 . 2015-04-15 14:36 362496 ----a-w- c:\windows\system32\wow64win.dll 2015-03-17 05:17 . 2015-04-15 14:36 243712 ----a-w- c:\windows\system32\wow64.dll 2015-03-17 05:17 . 2015-04-15 14:36 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2015-03-17 05:16 . 2015-04-15 14:36 215040 ----a-w- c:\windows\system32\winsrv.dll 2015-03-17 05:16 . 2015-04-15 14:36 503808 ----a-w- c:\windows\system32\srcore.dll 2015-03-17 05:16 . 2015-04-15 14:36 50176 ----a-w- c:\windows\system32\srclient.dll 2015-03-17 05:16 . 2015-04-15 14:36 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2015-03-17 05:16 . 2015-04-15 14:36 424448 ----a-w- c:\windows\system32\KernelBase.dll 2015-03-17 05:16 . 2015-04-15 14:36 1163264 ----a-w- c:\windows\system32\kernel32.dll 2015-03-17 05:16 . 2015-04-15 14:36 43520 ----a-w- c:\windows\system32\csrsrv.dll 2015-03-17 05:16 . 2015-04-15 14:36 112640 ----a-w- c:\windows\system32\smss.exe 2015-03-17 05:16 . 2015-04-15 14:36 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-03-17 05:15 . 2015-04-15 14:36 338432 ----a-w- c:\windows\system32\conhost.exe 2015-03-17 05:15 . 2015-03-27 14:40 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-03-17 05:15 . 
2015-03-27 14:40 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-03-17 05:11 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-03-17 05:11 . 
2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-03-17 05:11 . 2015-04-15 14:36 6656 ----a-w- c:\windows\system32\apisetschema.dll 2015-03-17 05:01 . 2015-04-15 14:36 3920824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-03-17 05:01 . 2015-04-15 14:36 3976632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-03-17 04:59 . 2015-04-15 14:36 1309696 ----a-w- c:\windows\SysWow64\ntdll.dll 2015-03-17 04:57 . 2015-04-15 14:36 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-03-17 04:57 . 2015-04-15 14:36 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2015-03-17 04:56 . 2015-04-15 14:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-03-17 04:56 . 2015-04-15 14:36 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2015-03-17 04:56 . 2015-04-15 14:36 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2015-03-17 04:56 . 2015-04-15 14:36 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2015-03-17 04:50 . 2015-04-15 14:36 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2015-03-17 04:50 . 
2015-04-15 14:36 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-03-17 04:50 . 
2015-04-15 14:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-03-17 04:50 . 2015-04-15 14:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-04-14 15:19 1729752 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-04-14 15:19 1729752 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-04-14 15:19 1729752 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2013-03-10 2598496] "WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] . 
c:\users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 
RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x] R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x] S2 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2015-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 06:44] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxSyncFileLocked] @="{C253B817-3A00-475f-A5A3-6F2DD704B48D}" [HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxSyncNotSynced] @="{19ACC806-F7AA-46AA-A80A-726A07CA6637}" [HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxSyncProblem] @="{8CEE0157-49FA-4ACE-87AF-C01BCA971E26}" [HKEY_CLASSES_ROOT\CLSID\{8CEE0157-49FA-4ACE-87AF-C01BCA971E26}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxSyncSynced] @="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}" [HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = www.google.com mDefault_Search_URL = www.google.com mDefault_Page_URL = www.google.com mStart Page = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com uInternet Settings,ProxyOverride = localhost;127.0.0.1 IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000 Trusted Zone: secunia.com TCP: DhcpNameServer = 192.168.2.1 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - c:\users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\ FF - prefs.js: browser.startup.homepage - about:home . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-Debut - c:\program files (x86)\NCH Software\Debut\debut.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}] @Denied: (A 2) (Everyone) @="FlashProp Class" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\TeamViewer\TeamViewer_Service.exe c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-05-31 17:01:12 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-05-31 15:01 . 
Vor Suchlauf: 13 Verzeichnis(se), 27.514.548.224 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 30.046.830.592 Bytes frei . - - End Of File - - 3B73A029945A252265930CA878B5CF16 |
01.06.2015, 09:23 | #8 |
/// the machine /// TB trainer | I think my computer is infected. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.06.2015, 17:19 | #9 |
| I think my computer is infected. Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Error, 01.06.2015 05:31:06, SYSTEM, SMOKINGCATERPIL, Protection, IsLicensed, 13,
Protection, 01.06.2015 05:31:06, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopping,
Protection, 01.06.2015 05:31:06, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopped,
Error, 01.06.2015 15:26:23, SYSTEM, SMOKINGCATERPIL, Protection, IsLicensed, 13,
Protection, 01.06.2015 15:26:23, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopping,
Protection, 01.06.2015 15:26:23, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopped,
Update, 01.06.2015 15:41:35, SYSTEM, SMOKINGCATERPIL, Manual, Remediation Database, 2015.4.6.2, 2015.5.13.1,
Update, 01.06.2015 15:41:35, SYSTEM, SMOKINGCATERPIL, Manual, Rootkit Database, 2015.3.31.1, 2015.5.31.1,
Update, 01.06.2015 15:41:55, SYSTEM, SMOKINGCATERPIL, Manual, Malware Database, 2015.4.13.5, 2015.6.1.2,
Update, 01.06.2015 15:42:10, SYSTEM, SMOKINGCATERPIL, Manual, program, 2.1.4.1018, 2.1.6.0,
Update, 01.06.2015 15:43:56, SYSTEM, SMOKINGCATERPIL, Manual, Rootkit Database, 2015.2.25.1, 2015.5.31.1,
Update, 01.06.2015 15:43:56, SYSTEM, SMOKINGCATERPIL, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1,
Update, 01.06.2015 15:44:06, SYSTEM, SMOKINGCATERPIL, Manual, Malware Database, 2015.3.9.5, 2015.6.1.2,
Scan, 01.06.2015 17:58:50, SYSTEM, SMOKINGCATERPIL, Manual, Start: 01.06.2015 15:44:28, Dauer: 33 Minuten 18 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "8" nicht-Malwareerkennung,
Error, 01.06.2015 18:00:37, SYSTEM, SMOKINGCATERPIL, Protection, IsLicensed, 13,
Protection, 01.06.2015 18:00:37, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopping,
Protection, 01.06.2015 18:00:37, SYSTEM, SMOKINGCATERPIL, Protection, Malware Protection, Stopped,

(end)
Code:
# AdwCleaner v4.206 - Bericht erstellt 01/06/2015 um 18:08:22
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-01.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : smoking caterpillar - SMOKINGCATERPIL
# Gestarted von : C:\Users\smoking caterpillar\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\smoking caterpillar\AppData\Roaming\ProgSense

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\ProgSense
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - localhost;127.0.0.1

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Mozilla Firefox v38.0.1 (x86 de)

*************************

AdwCleaner[R0].txt - [1210 Bytes] - [01/06/2015 18:05:23]
AdwCleaner[S0].txt - [1078 Bytes] - [01/06/2015 18:08:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1137 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.6 (05.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by smoking caterpillar on 01.06.2015 at 18:13:01,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\smoking caterpillar\AppData\Roaming\mozilla\firefox\profiles\ugu86ww1.default\extensions\staged
Emptied folder: C:\Users\smoking caterpillar\AppData\Roaming\mozilla\firefox\profiles\cnfbof9z.default-1414958804586\minidumps [51 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2015 at 18:16:05,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by smoking caterpillar (administrator) on SMOKINGCATERPIL on 01-06-2015 18:17:36
Running from C:\Users\smoking caterpillar\Desktop
Loaded Profiles: smoking caterpillar (Available Profiles: smoking caterpillar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [000BoxSyncFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncProblem] -> {8CEE0157-49FA-4ACE-87AF-C01BCA971E26} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxSyncSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3093878258-50056534-2936666279-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "76.181.194.34"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "76.181.194.34"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "76.181.194.34"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "212.82.126.32"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "212.82.126.32"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.82.126.32"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "212.82.126.32"
FF NetworkProxy: "ssl_port", 80
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-31] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-31] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{10EAE007-E823-4FBA-96D3-2A6A8ECF38BB}.xml [2012-10-02]
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{822630B8-4A7C-4A90-93A7-EBA67A4B226F}.xml [2012-10-02]
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{99712A85-9A13-483E-8B77-0E84CA887CE1}.xml [2012-10-02]
FF Extension: LavaFox V2-Purple - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\zigboom555@aol.com [2015-05-02]
FF Extension: WOT - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-29]
FF Extension: Speed Dial - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-11-08]
FF Extension: CookieCuller - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-08]
FF Extension: Adblock Edge - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [18944 2013-09-26] (Box Inc.) [File not signed]
S4 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 18:16 - 2015-06-01 18:16 - 00000911 _____ () C:\Users\smoking caterpillar\Desktop\JRT.txt 2015-06-01 18:13 - 2015-06-01 18:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SMOKINGCATERPIL-Windows-7-Home-Premium-(64-bit).dat 2015-06-01 18:13 - 2015-06-01 18:13 - 00000000 ____D () C:\RegBackup 2015-06-01 18:12 - 2015-06-01 18:12 - 02947675 _____ (Thisisu) C:\Users\smoking caterpillar\Desktop\JRT.exe 2015-06-01 18:05 - 2015-06-01 18:08 - 00000000 ____D () C:\AdwCleaner 2015-06-01 18:04 - 2015-06-01 18:04 - 02231296 _____ () C:\Users\smoking caterpillar\Desktop\AdwCleaner_4.206.exe 2015-06-01 18:03 - 2015-06-01 18:03 - 00001868 _____ () C:\Users\smoking caterpillar\Desktop\mbam.txt 2015-06-01 15:43 - 2015-06-01 15:43 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-31 17:01 - 2015-05-31 17:01 - 00045450 _____ () C:\ComboFix.txt 2015-05-31 16:27 - 2015-05-31 17:01 - 00000000 ____D () C:\Qoobox 2015-05-31 16:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-31 16:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-05-31 16:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-31 16:26 - 2015-05-31 16:26 - 05628678 ____R (Swearware) C:\Users\smoking caterpillar\Desktop\ComboFix.exe 2015-05-31 09:35 - 2015-05-31 09:35 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\smoking caterpillar\Desktop\tdsskiller.exe 2015-05-31 08:50 - 2015-05-31 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-31 08:47 - 2015-05-31 09:33 - 00000000 ____D () 
C:\Users\smoking caterpillar\Desktop\mbar 2015-05-31 08:47 - 2015-05-31 08:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\smoking caterpillar\Desktop\mbar-1.09.1.1004.exe 2015-05-30 16:29 - 2015-05-30 16:29 - 00002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel 2015-05-30 15:16 - 2015-05-30 15:17 - 00057898 _____ () C:\Users\smoking caterpillar\Desktop\Addition.txt 2015-05-30 15:15 - 2015-06-01 18:17 - 00015502 _____ () C:\Users\smoking caterpillar\Desktop\FRST.txt 2015-05-30 15:14 - 2015-06-01 18:17 - 00000000 ____D () C:\FRST 2015-05-30 15:12 - 2015-05-30 15:12 - 02108928 _____ (Farbar) C:\Users\smoking caterpillar\Desktop\FRST64.exe 2015-05-24 09:51 - 2015-05-24 09:51 - 00000000 ____D () C:\found.001 2015-05-13 03:11 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 03:11 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 23:32 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-12 23:32 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-12 23:32 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-12 23:32 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-12 23:32 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-12 23:32 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-12 23:32 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-12 23:32 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-12 23:32 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) 
C:\Windows\system32\html.iec 2015-05-12 23:32 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-12 23:32 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-12 23:32 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-12 23:32 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-12 23:32 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-12 23:32 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-12 23:32 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-12 23:32 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-12 23:32 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-12 23:32 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-12 23:32 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-12 23:32 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-12 23:32 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-12 23:32 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-12 23:32 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-12 23:32 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-12 23:32 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-12 23:32 - 2015-04-21 18:11 - 00062464 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-12 23:32 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-12 23:32 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-12 23:32 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-12 23:32 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-12 23:32 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-12 23:32 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-12 23:32 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-12 23:32 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-12 23:32 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-12 23:32 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-12 23:32 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-12 23:32 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-12 23:32 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-12 23:32 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-12 23:32 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-12 23:32 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-12 23:32 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-12 23:32 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) 
C:\Windows\system32\inetcpl.cpl 2015-05-12 23:32 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-12 23:32 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-12 23:32 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-12 23:32 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-12 23:32 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-12 23:32 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-12 23:32 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-12 23:32 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-12 23:32 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-12 23:32 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-12 23:32 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-12 23:32 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-12 23:32 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-12 23:32 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-12 23:32 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-12 23:32 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-12 23:32 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-12 23:32 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\certcli.dll 2015-05-12 23:32 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-12 23:32 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-12 23:32 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-12 23:32 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-12 23:32 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-12 23:32 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-12 23:32 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-12 23:32 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-12 23:32 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\kerberos.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-12 23:32 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-12 23:32 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-12 23:32 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-12 23:32 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-12 23:32 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-12 23:32 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-12 23:31 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-12 23:31 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-12 23:31 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-12 23:31 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-12 23:31 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-12 23:31 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-12 23:31 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 
2015-05-12 23:31 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-12 23:31 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-12 23:31 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-12 23:31 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-12 06:43 - 2015-05-12 06:43 - 00000000 ____D () C:\found.000 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-01 18:16 - 2010-11-21 08:50 - 00906770 _____ () C:\Windows\system32\perfh007.dat 2015-06-01 18:16 - 2010-11-21 08:50 - 00216094 _____ () C:\Windows\system32\perfc007.dat 2015-06-01 18:16 - 2009-07-14 07:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-06-01 18:13 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-01 18:13 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-01 18:10 - 2015-03-02 07:31 - 00000000 ____D () C:\Users\smoking caterpillar\.rainlendar2 2015-06-01 18:10 - 2014-10-11 12:19 - 00000000 ___RD () C:\Users\smoking caterpillar\Dropbox 2015-06-01 18:10 - 2014-10-11 12:11 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Dropbox 2015-06-01 18:09 - 2012-10-01 21:19 - 01145287 _____ () C:\Windows\WindowsUpdate.log 2015-06-01 18:09 - 2010-11-21 05:47 - 00160602 _____ () C:\Windows\PFRO.log 2015-06-01 18:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-06-01 18:09 - 2009-07-14 06:51 - 00199827 _____ () C:\Windows\setupact.log 2015-06-01 18:03 - 2015-03-27 16:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-01 17:59 - 
2012-10-02 20:00 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Last.fm 2015-06-01 17:24 - 2012-10-02 18:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-01 16:04 - 2015-04-26 11:46 - 00000000 ____D () C:\Users\smoking caterpillar\Desktop\Praktikum 2015-06-01 15:43 - 2015-03-27 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-31 16:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-31 08:45 - 2014-08-17 13:18 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Adobe 2015-05-31 08:44 - 2012-10-02 18:24 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-31 08:44 - 2012-10-02 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-31 08:44 - 2012-10-02 18:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-30 16:30 - 2012-11-27 03:58 - 00000000 ____D () C:\Users\smoking caterpillar\.gimp-2.8 2015-05-27 16:57 - 2012-10-02 20:10 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\vlc 2015-05-25 04:16 - 2012-11-15 20:11 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Mipony 2015-05-25 00:44 - 2014-12-06 15:01 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Captcha_Brotherhood 2015-05-23 17:53 - 2014-02-21 21:07 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\gtk-2.0 2015-05-20 16:08 - 2012-10-02 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-20 06:40 - 2012-10-06 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-05-17 14:30 - 2015-03-22 03:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-15 23:46 - 2012-12-10 19:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-13 11:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-13 08:53 - 
2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-13 08:53 - 2009-07-14 06:45 - 00389040 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-13 08:51 - 2014-04-11 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 03:37 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-13 03:34 - 2013-06-24 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-05-13 03:34 - 2013-06-21 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-13 03:33 - 2012-10-04 00:03 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-13 03:33 - 2012-10-04 00:03 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-13 03:32 - 2012-10-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-05-13 03:28 - 2013-07-24 08:32 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-13 03:21 - 2012-10-02 17:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 03:07 - 2014-04-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-09 21:42 - 2013-11-04 17:53 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Aquamarin Haushaltsbuch 2015-05-08 15:56 - 2014-10-11 12:18 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-02 22:33 - 2013-06-21 13:49 - 00000000 ____D () C:\Users\smoking caterpillar\AppData\Local\Microsoft Help ==================== Files in the root of some directories ======= 2014-02-28 17:55 - 2014-12-07 13:05 - 0023978 _____ () C:\Users\smoking caterpillar\AppData\Roaming\Notepad2.ini 2015-03-22 03:23 - 
2015-03-22 03:23 - 0000043 _____ () C:\Users\smoking caterpillar\AppData\Roaming\WB.CFG 2012-10-02 00:32 - 2012-10-02 00:32 - 0003584 _____ () C:\Users\smoking caterpillar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-07 23:44 - 2013-10-07 23:44 - 0001480 _____ () C:\Users\smoking caterpillar\AppData\Local\RecConfig.xml 2015-05-30 16:29 - 2015-05-30 16:29 - 0002783 _____ () C:\Users\smoking caterpillar\AppData\Local\recently-used.xbel 2013-10-05 22:14 - 2013-10-05 22:14 - 0007605 _____ () C:\Users\smoking caterpillar\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\smoking caterpillar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiat8px.dll C:\Users\smoking caterpillar\AppData\Local\Temp\Quarantine.exe C:\Users\smoking caterpillar\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-24 03:38 ==================== End of log ============================ |
02.06.2015, 07:35 | #10 |
/// the machine /// TB instructor | I think my computer is infected. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
03.06.2015, 05:22 | #11 |
| I think my computer is infected. Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8e5493fd3d290c4da224e543520ec91d
# end=init
# utc_time=2015-06-02 08:44:23
# local_time=2015-06-02 10:44:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24140
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8e5493fd3d290c4da224e543520ec91d
# end=updated
# utc_time=2015-06-02 08:49:18
# local_time=2015-06-02 10:49:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8e5493fd3d290c4da224e543520ec91d
# engine=24140
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-02 10:20:58
# local_time=2015-06-03 12:20:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 967684 104577280 0 0
# scanned=176859
# found=0
# cleaned=0
# scan_time=5499
Code:
Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 45
Adobe Flash Player 17.0.0.188
Adobe Reader XI
Mozilla Firefox (38.0.1)
Mozilla Thunderbird (31.7.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
Ruiware WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by smoking caterpillar (administrator) on SMOKINGCATERPIL on 03-06-2015 06:18:28 Running from C:\Users\smoking caterpillar\Desktop Loaded Profiles: smoking caterpillar (Available Profiles: smoking caterpillar) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Box Inc.) C:\Program Files\Box\Box Sync\SyncUpdaterService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Dropbox, Inc.) 
C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] () HKU\S-1-5-21-3093878258-50056534-2936666279-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) Startup: C:\Users\smoking caterpillar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-07] ShortcutTarget: Dropbox.lnk -> C:\Users\smoking caterpillar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [000BoxSyncFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [000BoxSyncNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [000BoxSyncProblem] -> {8CEE0157-49FA-4ACE-87AF-C01BCA971E26} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [000BoxSyncSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3093878258-50056534-2936666279-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3093878258-50056534-2936666279-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586 FF Homepage: about:home FF NetworkProxy: "backup.ftp", "76.181.194.34" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.socks", "76.181.194.34" FF NetworkProxy: "backup.socks_port", 3128 FF NetworkProxy: "backup.ssl", "76.181.194.34" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "ftp", "212.82.126.32" FF NetworkProxy: "ftp_port", 80 FF NetworkProxy: "http", "212.82.126.32" FF 
NetworkProxy: "http_port", 80 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "212.82.126.32" FF NetworkProxy: "socks_port", 80 FF NetworkProxy: "ssl", "212.82.126.32" FF NetworkProxy: "ssl_port", 80 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-31] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-31] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{10EAE007-E823-4FBA-96D3-2A6A8ECF38BB}.xml [2012-10-02] FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{822630B8-4A7C-4A90-93A7-EBA67A4B226F}.xml [2012-10-02] FF SearchPlugin: C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\ugu86ww1.default\searchplugins\{99712A85-9A13-483E-8B77-0E84CA887CE1}.xml [2012-10-02] FF Extension: LavaFox V2-Purple - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\zigboom555@aol.com [2015-05-02] FF Extension: WOT - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-05-29] FF Extension: Speed Dial - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-11-08] FF Extension: CookieCuller - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-08] FF Extension: Adblock Edge - C:\Users\smoking caterpillar\AppData\Roaming\Mozilla\Firefox\Profiles\cnfbof9z.default-1414958804586\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [18944 2013-09-26] (Box Inc.) [File not signed] S4 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) 
[File not signed] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) S4 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel(R) Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-03 05:46 - 2015-06-03 05:46 - 00852639 _____ () C:\Users\smoking caterpillar\Desktop\SecurityCheck.exe 2015-06-02 22:44 - 2015-06-02 22:44 - 02870984 _____ (ESET) C:\Users\smoking caterpillar\Desktop\esetsmartinstaller_deu.exe 2015-06-01 18:16 - 2015-06-01 18:16 - 00000911 _____ () C:\Users\smoking caterpillar\Desktop\JRT.txt 2015-06-01 18:13 - 2015-06-01 18:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SMOKINGCATERPIL-Windows-7-Home-Premium-(64-bit).dat 2015-06-01 18:13 - 2015-06-01 18:13 - 00000000 ____D () C:\RegBackup 2015-06-01 18:12 - 2015-06-01 18:12 - 02947675 _____ (Thisisu) C:\Users\smoking caterpillar\Desktop\JRT.exe 2015-06-01 18:05 - 2015-06-01 18:08 - 00000000 ____D () C:\AdwCleaner 2015-06-01 18:04 - 2015-06-01 18:04 - 02231296 _____ () C:\Users\smoking caterpillar\Desktop\AdwCleaner_4.206.exe 2015-06-01 18:03 - 2015-06-01 18:03 - 00001868 _____ () C:\Users\smoking caterpillar\Desktop\mbam.txt 2015-06-01 15:43 - 2015-06-01 15:43 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-31 17:01 - 2015-05-31 17:01 - 00045450 _____ () C:\ComboFix.txt 2015-05-31 16:27 - 2015-05-31 17:01 - 00000000 ____D () C:\Qoobox 2015-05-31 16:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-31 16:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-05-31 16:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-31 16:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-31 16:26 - 2015-05-31 16:26 - 05628678 ____R (Swearware) C:\Users\smoking caterpillar\Desktop\ComboFix.exe 2015-05-31 09:35 - 2015-05-31 09:35 - 04197016 _____ 
==================== End of log ============================ |
03.06.2015, 19:39 | #12 |
/// the machine /// TB-Ausbilder | I think my computer is infected.

Cleanup: (The order matters here.)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.

All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can delete them without hesitation.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
In the Windows operating system, enable automatic updates. Security-relevant software should also always be installed only in its latest version: browser, Java, Flash Player, PDF reader.
Security vulnerabilities in their old versions are exploited to install malware by "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one integrated into Windows is entirely sufficient in the normal case.

Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can define, on the principle of a whitelist, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.

To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.

Finally, a few general remarks: Change your important online passwords regularly, and regularly create backups of your important files or of the system. The usefulness of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate
Guides and help
Trojaner-Board Facebook page
No help via PM! |