Log analysis and evaluation: Windows "not genuine" message
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
01.06.2015, 16:53 | #1 |
| Windows "not genuine" message

Hello, a few days ago Windows began displaying a message stating that "Windows [is] not genuine". It all started with a Skype malfunction that I have been trying to fix for weeks; following a supposed solution in the form of instructions in a forum, I ran a Windows built-in scan via cmd. This produced a log file that I could not open, whereupon I enabled read permissions using administrator rights and then disabled them again. A day later the message "Windows is not genuine" popped up. You will find the FRST logs attached. Many thanks for any help, Yours, Ratchigka |
01.06.2015, 17:02 | #2 |
/// the machine /// TB trainer | Windows "not genuine" message

Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows: |
01.06.2015, 17:19 | #3 |
| Windows "not genuine" message

Sorry about that.
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Aaron (administrator) on AARON-PC on 01-06-2015 17:44:45
Running from C:\Users\Aaron\Downloads
Loaded Profiles: Aaron (Available Profiles: Aaron)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Platinum] => "C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe" -StartUp
HKLM\...\Run: [Trend Micro Client Framework] => "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1435672 2013-12-18] (Google Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2015-03-12] (VIA Technologies, Inc.)
HKLM-x32\...\Run: [G Data ASM] => "C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe" /autostart
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [884440 2015-05-28] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-05-21] (CyberGhost S.R.L.)
HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2015-03-12]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000 -> DefaultScope {FDE77B5B-F923-4C0E-BAD4-29914B67A6C0} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000 -> {FDE77B5B-F923-4C0E-BAD4-29914B67A6C0} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-17] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-17] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4857B833-3EF8-4626-880E-BEF4F16D68AD}: [NameServer] 95.169.183.219,89.41.60.38

FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default
FF DefaultSearchEngine: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-26] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-05-20] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-17] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-17] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-17] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-05-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2455565853-2773199953-1460756191-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\user.js [2015-05-25]
FF user.js: detected! => C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ktw5ym78.dev-edition-default\user.js [2015-05-25]
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\searchplugins\google-images.xml [2014-11-01]
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\searchplugins\google-maps.xml [2014-11-01]
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\searchplugins\youtube-video-search.xml [2015-05-29]
FF Extension: YouTube Unblocker - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\youtubeunblocker@unblocker.yt [2015-05-29]
FF Extension: Ghostery - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\firefox@ghostery.com.xpi [2015-01-18]
FF Extension: Tab for a Cause - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\tabforacause@tabforacause.org.xpi [2014-12-21]
FF Extension: NoScript - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-01]
FF Extension: VideoService - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{9d58e825-a4eb-4a2c-9736-3b0d51b3c8c5}.xpi [2014-12-20]
FF Extension: Adblock Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF Extension: BetterPrivacy - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-02-02]
FF Extension: {f9f3dafd-5da0-4d41-a597-c11bf9609e1b} - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{f9f3dafd-5da0-4d41-a597-c11bf9609e1b}.xpi [2014-12-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-14]
FF HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\extensions\cliqz@cliqz.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-05-28] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-28] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [806616 2015-05-28] (BlueStack Systems, Inc.)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [754712 2013-12-18] (Google Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2015-05-31] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145112 2015-05-28] (BlueStack Systems)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-04-15] (G Data Software AG)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-05-17] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-05-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2015-05-31] ()
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 20:10 - 2015-05-31 20:11 - 00029538 _____ () C:\Users\Aaron\Downloads\Addition.txt
2015-05-31 20:09 - 2015-06-01 17:44 - 00018619 _____ () C:\Users\Aaron\Downloads\FRST.txt
2015-05-31 20:09 - 2015-06-01 17:44 - 00000000 ____D () C:\FRST
2015-05-31 20:08 - 2015-05-31 20:08 - 02108928 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe
2015-05-31 10:47 - 2015-05-31 10:47 - 00235936 _____ (Tagès SA) C:\Users\Aaron\Downloads\TagesSetup_x64.exe
2015-05-29 20:40 - 2015-05-29 20:40 - 00159144 _____ (Microsoft Corporation) C:\Users\Aaron\Downloads\WindowsActivationUpdate.exe
2015-05-28 21:37 - 2015-05-28 21:37 - 00000000 ____D () C:\Users\Aaron\.android
2015-05-28 21:20 - 2015-05-29 22:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-28 21:20 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-28 21:20 - 2015-05-28 21:20 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-28 20:47 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-28 20:47 - 2015-05-29 22:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-28 20:47 - 2015-05-29 22:21 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-28 20:47 - 2015-05-28 20:47 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-05-28 20:47 - 2015-05-28 20:47 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-28 20:46 - 2015-05-28 20:46 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Bluestacks
2015-05-28 20:44 - 2015-05-28 20:46 - 14155832 _____ (BlueStack Systems Inc.) C:\Users\Aaron\Downloads\BlueStacks-ThinInstaller(1).exe
2015-05-28 20:36 - 2015-05-28 20:36 - 01384064 _____ (Skype Technologies S.A.) C:\Users\Aaron\Downloads\SkypeSetup.exe
2015-05-26 22:15 - 2015-05-26 23:21 - 00020125 _____ () C:\Users\Aaron\Documents\SEminario.odt
2015-05-25 16:01 - 2015-05-25 16:01 - 00000000 ____D () C:\Users\Aaron\Downloads\Passage
2015-05-25 16:00 - 2015-05-25 16:00 - 00497214 _____ () C:\Users\Aaron\Downloads\Passage_v3_Windows(1).exe
2015-05-24 22:17 - 2015-05-24 22:17 - 00000592 _____ () C:\Users\Aaron\Documents\Taddl.txt
2015-05-20 17:08 - 2015-06-01 17:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 17:08 - 2015-06-01 17:13 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 17:08 - 2015-05-20 17:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 17:08 - 2015-05-20 17:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 19:22 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-19 19:22 - 2015-05-19 19:22 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Apple Computer
2015-05-19 19:22 - 2015-05-19 19:22 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Apple Computer
2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\Program Files\iTunes
2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\Program Files\iPod
2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-19 19:21 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-05-19 19:20 - 2015-05-21 22:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-19 19:20 - 2015-05-19 19:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Apple
2015-05-19 19:19 - 2015-05-21 22:03 - 00000000 ____D () C:\ProgramData\Apple
2015-05-19 19:02 - 2015-05-19 19:15 - 121283888 _____ (Apple Inc.) C:\Users\Aaron\Downloads\itunes64setup.exe
2015-05-19 18:40 - 2015-05-19 18:49 - 108728624 _____ (Apple Inc.) C:\Users\Aaron\Downloads\iTunesSetup.exe
2015-05-19 17:24 - 2015-05-31 10:49 - 00088480 _____ () C:\Windows\system32\Drivers\atksgt.sys
2015-05-19 17:24 - 2015-05-31 10:49 - 00046400 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2015-05-19 17:24 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\Windows\system32\AGEIA
2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\ProgramData\InstallShield
2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-05-19 17:23 - 2015-05-19 17:23 - 00002358 _____ () C:\Users\Public\Desktop\Sherlock Holmes jagt Arsene Lupin spielen.lnk
2015-05-19 17:23 - 2015-05-19 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus
2015-05-19 17:21 - 2015-05-19 17:21 - 00002068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
2015-05-19 17:21 - 2015-05-19 17:21 - 00000000 ____D () C:\Program Files (x86)\Focus
2015-05-19 17:21 - 2004-08-09 06:04 - 00073728 _____ (InstallShield Software Corporation) C:\Windows\SysWOW64\ISUSPM.cpl
2015-05-18 16:10 - 2015-05-18 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 22:53 - 2015-05-18 15:05 - 00002334 _____ () C:\Users\Aaron\Desktop\Sicherer Zahlungsverkehr.lnk
2015-05-14 22:52 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-05-14 22:52 - 2015-05-14 22:52 - 00001196 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-05-14 22:52 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-05-14 22:51 - 2015-06-01 17:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-14 22:51 - 2015-05-17 21:49 - 00793800 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-05-14 22:51 - 2015-05-17 21:49 - 00141320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-05-14 22:51 - 2015-05-14 22:51 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-05-14 22:51 - 2015-05-14 22:51 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-05-14 22:51 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-05-14 22:43 - 2015-05-14 22:48 - 176562784 _____ () C:\Users\Aaron\Downloads\kis15.0.0.463de_6508.exe
2015-05-13 13:20 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:20 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:59 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 10:59 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 10:59 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 10:59 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 10:59 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 10:59 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 10:59 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 10:59 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 10:59 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 10:59 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 10:59 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 10:59 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 10:59 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 10:59 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 10:59 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 10:59 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 10:59 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 10:59 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 10:59 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 10:59 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 10:59 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 10:59 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 10:59 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 10:59 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 10:59 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 10:59 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 10:59 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 10:59 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 10:59 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 10:59 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 10:59 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 10:59 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 10:59 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 10:59 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 10:59 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 10:59 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 10:59 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 10:59 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 10:59 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 10:59 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 10:59 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 10:59 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 10:59 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 10:59 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 10:59 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 10:59 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 10:59 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 10:59 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 10:59 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 10:59 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 10:59 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 10:59 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 10:59 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 10:59 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 10:59 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 10:59 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 10:59 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 10:59 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 10:59 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 10:59 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 10:59 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 10:59 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 10:59 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 10:59 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 10:58 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 10:58 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 10:58 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 10:58 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 10:58 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 10:58 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 10:58 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 10:58 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 10:58 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 10:58 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13
10:58 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 10:58 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 10:58 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 10:58 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 10:58 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 10:58 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 10:58 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-13 10:58 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 10:58 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-13 10:58 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-13 10:58 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-13 10:58 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-13 10:58 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-13 10:58 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 10:58 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-13 10:58 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-13 10:58 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 10:58 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 10:58 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-13 10:58 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-13 10:58 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 10:58 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 10:58 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 10:58 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 10:58 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 10:58 - 
2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 10:58 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 10:58 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 10:58 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 10:58 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 10:58 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 10:57 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 10:57 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 10:57 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 10:57 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 10:57 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 10:57 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 10:57 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 10:57 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 10:57 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 10:57 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 10:57 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 10:57 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 10:57 - 2015-01-29 05:19 - 
02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 10:57 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:23 - 2015-05-12 17:23 - 00005710 _____ () C:\Users\Aaron\Downloads\idlesave(1)
2015-05-10 21:09 - 2015-05-10 21:09 - 00003756 _____ () C:\Users\Aaron\Downloads\idlesave
2015-05-08 23:03 - 2015-05-08 23:03 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Steam
2015-05-08 22:57 - 2015-05-08 22:57 - 01142128 _____ () C:\Users\Aaron\Downloads\SteamSetup.exe
2015-05-04 19:03 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-04 18:54 - 2015-05-04 19:02 - 13611736 _____ (BlueStack Systems Inc.) C:\Users\Aaron\Downloads\BlueStacks-ThinInstaller.exe
2015-05-03 17:14 - 2015-05-03 17:14 - 00000000 ____D () C:\Users\Aaron\Tracing

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-01 17:10 - 2015-04-11 08:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 16:52 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 16:52 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 15:00 - 2014-11-01 14:00 - 01860963 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 14:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 14:52 - 2009-07-14 06:51 - 00059294 _____ () C:\Windows\setupact.log
2015-05-29 22:26 - 2014-11-01 18:18 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Skype
2015-05-29 22:23 - 2014-11-01 14:02 - 00000000 ____D () C:\Users\Aaron
2015-05-29 22:22 - 2015-04-04 15:17 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-29 22:22 - 2015-03-07 14:00 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-29 22:22 - 2014-12-26 22:24 - 00000000 ____D () C:\Users\Aaron\AppData\Local\fabi.me
2015-05-29 22:22 - 2014-11-01 23:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Abelssoft
2015-05-29 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-29 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-29 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-29 22:21 - 2014-11-01 18:18 - 00000000 ____D () C:\ProgramData\Skype
2015-05-29 22:04 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-28 22:56 - 2015-03-07 14:01 - 00000000 ____D () C:\Users\Aaron\AppData\Local\CyberGhost
2015-05-28 22:56 - 2014-11-01 14:02 - 00000000 ____D () C:\Users\Aaron\AppData\Local\VirtualStore
2015-05-28 20:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-26 23:25 - 2009-07-14 19:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-05-26 23:25 - 2009-07-14 19:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-05-26 23:25 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 21:43 - 2015-03-08 17:37 - 00000000 ____D () C:\Users\Aaron\Desktop\Moot
2015-05-26 18:41 - 2014-11-01 14:15 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Adobe
2015-05-26 18:16 - 2015-04-11 08:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-26 18:16 - 2014-11-01 14:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-26 18:16 - 2014-11-01 14:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-26 16:52 - 2009-07-14 07:08 - 00002898 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-24 22:17 - 2014-11-27 23:41 - 00006360 _____ () C:\Users\Aaron\Documents\SC.txt
2015-05-21 22:05 - 2015-02-05 09:08 - 00000000 ____D () C:\Users\Aaron\Desktop\EA
2015-05-20 23:50 - 2015-04-04 15:17 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 16:58 - 2014-11-01 15:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-19 17:21 - 2014-11-01 14:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-17 19:56 - 2015-04-14 18:27 - 00000000 ____D () C:\Program Files (x86)\G Data
2015-05-17 19:56 - 2014-11-01 14:33 - 01368830 _____ () C:\Windows\PFRO.log
2015-05-17 19:55 - 2015-04-14 18:17 - 00000000 ____D () C:\ProgramData\G Data
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-05-17 19:42 - 2015-03-13 15:56 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-17 19:38 - 2015-03-27 18:33 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Trend Micro
2015-05-14 22:49 - 2015-03-30 19:05 - 00001161 _____ () C:\Users\Aaron\Desktop\VideoCacheView.cfg
2015-05-14 22:40 - 2015-04-26 21:54 - 00000962 _____ () C:\Users\Aaron\Documents\hahah.txt
2015-05-13 23:59 - 2014-11-07 23:14 - 00000000 ____D () C:\Users\Aaron\Documents\Anki
2015-05-13 17:05 - 2009-07-14 06:45 - 00298248 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 17:02 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 17:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 13:24 - 2014-11-01 14:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:22 - 2009-10-14 07:12 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-11 09:58 - 2015-04-14 18:27 - 00006074 _____ () C:\Windows\DPINST.LOG
2015-05-05 20:14 - 2014-11-01 15:07 - 00000000 ____D () C:\Users\Aaron\Desktop\Neuer Ordner

==================== Files in the root of some directories =======
2015-04-14 18:27 - 2015-04-14 18:27 - 0000000 _____ () C:\Users\Aaron\AppData\Roaming\gdfw.log
2015-04-14 18:27 - 2015-04-14 18:27 - 0000779 _____ () C:\Users\Aaron\AppData\Roaming\gdscan.log
2015-03-13 15:56 - 2015-03-13 15:56 - 0000036 _____ () C:\Users\Aaron\AppData\Local\housecall.guid.cache

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-29 19:51

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Aaron at 2015-06-01 17:45:02
Running from C:\Users\Aaron\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Aaron (S-1-5-21-2455565853-2773199953-1460756191-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-2455565853-2773199953-1460756191-500 - Administrator - Disabled)
Gast (S-1-5-21-2455565853-2773199953-1460756191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2455565853-2773199953-1460756191-1002 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
AGEIA PhysX v6.12.02 (HKLM-x32\...\{7032E73F-68A0-48F9-8100-E70E79169BAE}) (Version: 6.12.02 - AGEIA Technologies, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Blobby Volley 2 Version 1.0 (HKLM-x32\...\Blobby Volley 2 Version 1.0_is1) (Version: - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.27.5408 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{C1F53C9F-C560-4292-9237-12786FE6BF62}) (Version: 0.9.27.5408 - BlueStack Systems, Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.42 - Abelssoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version: - )
Firefox Developer Edition 38.0a2 (x64 de) (HKLM\...\Firefox Developer Edition 38.0a2 (x64 de)) (Version: 38.0a2 - Mozilla)
Free Audio Converter version 5.0.55.113 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.55.113 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{6A1E4EFB-3EE0-40A0-9D6D-E865370289DB}) (Version: 1.13.1641.0 - Google Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version: - MixMeister Technology LLC)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0a2 - Mozilla)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Pale Moon 25.3.1 (x86 en-US) (HKLM-x32\...\Pale Moon 25.3.1 (x86 en-US)) (Version: 25.3.1 - Moonchild Productions)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Sherlock Holmes jagt Arsene Lupin (HKLM-x32\...\{63686BEF-04CA-461C-B364-53BBC322F7BF}) (Version: 1.00.0777 - Frogwares)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unity Web Player (HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points =========================
20-05-2015 23:49:57 Windows Update
21-05-2015 17:35:47 Removed Apple Mobile Device Support
21-05-2015 21:58:17 Removed Bonjour
21-05-2015 22:01:20 Removed Apple Application Support (32-Bit)
21-05-2015 22:03:54 Removed Apple Software Update
21-05-2015 22:04:22 Removed Apple Mobile Device Support
26-05-2015 16:59:35 Windows Update
28-05-2015 20:30:45 Removed Skype™ 7.4
28-05-2015 20:33:46 Removed Skype Click to Call
28-05-2015 20:40:16 Removed BlueStacks Notification Center
29-05-2015 22:00:49 Wiederherstellungsvorgang
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E3E308E-ABEF-4846-89B8-278B4B018F87} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {0F88D255-2241-4208-8237-E341A4D7A173} - System32\Tasks\{5A57084D-AC5A-4D37-847B-140B7C012D90} => pcalua.exe -a D:\directx\dxsetup.exe -d D:\directx Task: {1C4CB41F-68B8-4D5A-8A6F-F4C3AE36F657} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.) Task: {2A998A09-FB15-4811-A83D-3199505578DA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {37FB0945-E77F-4D35-8BC0-D0235553AB98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-26] (Adobe Systems Incorporated) Task: {5038085A-5CF3-494E-A1B5-8BB30E207A17} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {55A4219C-07FF-4C29-9BD8-3C619515A305} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2015-03-27] (CHIP) Task: {57F70703-9A44-4723-AB28-AFC48700A0A1} - \{1DFC94E0-EEB0-4BAF-A5B2-1F07400E5341} No Task File <==== ATTENTION Task: {7C0BC5CD-DA14-4277-B6C1-E8744715E8FA} - \{EEF77C93-E979-49BA-8AA0-17E886F1EAEB} No Task File <==== ATTENTION Task: {824BD7D4-3B9B-4A57-AB35-B82400A8F815} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe 
[2015-05-07] (Microsoft Corporation) Task: {8820FE82-E598-4326-954A-39452D194616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.) Task: {9BEE7F76-659C-4C46-8456-C3F4C8407328} - \User_Feed_Synchronization-{600F234B-E5B6-4B2D-9EB7-84B30C9F11A3} No Task File <==== ATTENTION Task: {B7FD4B15-9BA8-468C-A210-B505DCC89E9B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {C713F4D1-F331-4653-B26A-F95CBFCB07D1} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2015-05-20] (Microsoft Corporation) Task: {F99D18BE-4F1D-43A0-BD32-CC74BD35149D} - \CreateChoiceProcessTask No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-03-12 19:25 - 2015-03-12 19:25 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe 2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2014-12-04 21:34 - 2013-11-01 18:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-04-20 01:42 - 2015-05-17 21:23 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2014-04-20 01:42 - 
2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll 2014-11-01 14:09 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-05-26 18:16 - 2015-05-26 18:16 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll 2015-02-22 11:59 - 2015-02-22 11:59 - 02108488 _____ () C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\mono\Release3.x.x\mono-1-vc.dll 2015-05-28 11:05 - 2015-05-28 20:47 - 00195584 _____ () C:\Program Files (x86)\BlueStacks\libEGL.dll 2015-05-28 11:05 - 2015-05-28 20:47 - 01467392 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 95.169.183.219 - 89.41.60.38 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F910D0C9-262F-4427-9587-0E6D623BE027}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{A7CBF020-E154-4520-82A5-F40CD5A5B7F3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{652FE1B6-04A6-4AB5-A263-EAA23ED5AF39}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{302EDD12-0AC8-4F32-8EC4-E7D89E05A27B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{48181101-7CA1-47FF-92C4-661EC8D8CC94}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{CFA596B3-FE44-4054-8514-A491E93A548B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [TCP Query User{5203D9A2-92C6-4216-A0EA-872EF81D838F}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [UDP Query User{2F8E4ABE-8813-41DD-8D11-B5B91F771C53}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [{3E0A475E-F79E-4A19-8FC4-E6C041642D44}] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [{9B6DD1C2-563B-40A3-ACEE-ABC35DBF0A16}] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [{A1AC3D49-DA7E-4405-A0A8-0CB37F6567D6}] => (Allow) C:\Program Files 
(x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{0A163EAF-70F4-49F4-AF3A-F3F0E347D685}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{844A7132-5511-45ED-B0D3-A6A2CC5613A1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{6F80F7CA-4A0C-463F-998A-AEA71EFF8C3F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{3BC87F6A-8C1F-4599-B2B0-2061EAB55569}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{C99151BB-774A-443B-A1DB-14A54D9B3201}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{F34A9EC6-DD46-4BE9-91D3-081674BC78CF}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe FirewallRules: [{243C2F74-B1BD-4240-9D59-722D40F618E9}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe FirewallRules: [TCP Query User{BCA82D7E-E09E-4282-9713-9D5476F446F4}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{90985EBA-FDA7-4896-BABE-94A5AB81DFB3}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{227CD673-EFE0-4C39-95B8-CDC817BB04C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{7C632050-24B5-4D37-9BB9-0A8281082923}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{725EF301-0470-4F66-B155-EA5A4BAF23B3}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{92FDDB1F-16DB-4943-B6A6-A9B59D6C8EE2}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{77118A62-B07D-473F-8425-8026BDA0D373}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{719D0DC3-7F9C-4DF8-A244-1029DB8C5602}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E3349BEC-5E4E-4AF9-87A3-EEC5AEA7F02D}] => (Allow) C:\Program Files\Firefox Developer 
Edition\firefox.exe FirewallRules: [{CE52468E-665F-4C3F-9DC6-79F6AEF8553A}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe FirewallRules: [TCP Query User{7D882834-5CE4-4B78-969E-3EE357EEC731}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{940AFD68-2716-4CD4-8E11-505371C53FC0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{BA9A4195-2E37-460B-8CDD-DAADF45FD634}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4BDA4317-797A-4D13-91A9-3862BCE7E88C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BFBDE6A1-CDF0-4FCC-9785-46D364151161}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{1E7CF97D-0B95-47BE-98C8-F2C5A31996FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F55D7FA2-0F23-40CC-AC52-B93B705654C9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{E9098807-5655-4DBD-B013-AB2A0FA29E2D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/29/2015 10:28:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Skype.exe, Version 7.5.0.101 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d68 Startzeit: 01d09a4d6d5b3213 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe Berichts-ID: 2867a548-0641-11e5-8dd8-94de80a96248 Error: (05/29/2015 10:06:50 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
System.ApplicationException: Cannot start service. C:\ProgramData\BlueStacks\Android\kernel.elf.signature doesn't exist bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (05/29/2015 09:44:01 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (05/29/2015 09:44:01 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. Error: (05/29/2015 08:51:30 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (05/29/2015 08:51:30 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. Error: (05/29/2015 08:48:38 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (05/29/2015 08:48:38 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. Error: (05/29/2015 07:54:57 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. 
Error: (05/29/2015 07:54:57 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. System errors: ============= Error: (06/01/2015 02:53:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/01/2015 02:53:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht. Error: (06/01/2015 02:52:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WSWNA3100" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (05/31/2015 09:54:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/31/2015 09:54:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht. Error: (05/31/2015 09:53:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WSWNA3100" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (05/31/2015 09:53:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/31/2015 09:53:35 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. 
Error: (05/30/2015 06:03:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WSWNA3100" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (05/30/2015 06:03:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Microsoft Office: ========================= Error: (05/29/2015 10:28:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Skype.exe7.5.0.101d6801d09a4d6d5b32135C:\Program Files (x86)\Skype\Phone\Skype.exe2867a548-0641-11e5-8dd8-94de80a96248 Error: (05/29/2015 10:06:50 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. C:\ProgramData\BlueStacks\Android\kernel.elf.signature doesn't exist bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (05/29/2015 09:44:01 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 09:44:01 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 08:51:30 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 08:51:30 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 08:48:38 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 08:48:38 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 
0x0000000055c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 07:54:57 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 07:54:57 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f CodeIntegrity Errors: =================================== Date: 2014-11-01 13:48:42.936 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz Percentage of memory in use: 65% Total physical RAM: 7656.09 MB Available physical RAM: 2636.73 MB Total Pagefile: 15310.39 MB Available Pagefile: 9232.92 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:116.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (SHERLOCKHOLMES4) (CDROM) (Total:6.84 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F22B4E44) Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End of log ============================ |
02.06.2015, 07:35 | #4 |
/// the machine /// TB-Ausbilder | Windows "not a genuine product" message Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.06.2015, 16:57 | #5 |
| Windows "not a genuine product" message Overall, no threats were found. Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.06.02.03
rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Aaron :: AARON-PC [administrator]

02.06.2015 17:29:51
mbar-log-2015-06-02 (17-29-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 357855
Time elapsed: 18 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
17:51:30.0372 0x0e48 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:51:34.0613 0x0e48 ============================================================
17:51:34.0613 0x0e48 Current date / time: 2015/06/02 17:51:34.0613
17:51:34.0613 0x0e48 SystemInfo:
17:51:34.0613 0x0e48
17:51:34.0613 0x0e48 OS Version: 6.1.7601 ServicePack: 1.0
17:51:34.0613 0x0e48 Product type: Workstation
17:51:34.0613 0x0e48 ComputerName: AARON-PC
17:51:34.0613 0x0e48 UserName: Aaron
17:51:34.0613 0x0e48 Windows directory: C:\Windows
17:51:34.0613 0x0e48 System windows directory: C:\Windows
17:51:34.0613 0x0e48 Running under WOW64
17:51:34.0613 0x0e48 Processor architecture: Intel x64
17:51:34.0613 0x0e48 Number of processors: 4
17:51:34.0613 0x0e48 Page size: 0x1000
17:51:34.0613 0x0e48 Boot type: Normal boot
17:51:34.0613 0x0e48 ============================================================
17:51:35.0059 0x0e48 KLMD registered as C:\Windows\system32\drivers\14790290.sys
17:51:35.0585 0x0e48 System UUID: {E94B2135-FA5D-0F23-A8C1-2762363C0878}
17:51:36.0332 0x0e48 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:51:36.0344 0x0e48 Drive \Device\Harddisk1\DR1 - Size: 0x77800000 ( 1.87 Gb ), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:51:36.0346 0x0e48 ============================================================
17:51:36.0346 0x0e48 \Device\Harddisk0\DR0:
17:51:36.0356 0x0e48 MBR partitions:
17:51:36.0356 0x0e48 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
17:51:36.0356 0x0e48 \Device\Harddisk1\DR1:
17:51:36.0356 0x0e48 MBR partitions:
17:51:36.0356 0x0e48 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BBFE0
17:51:36.0356 0x0e48 ============================================================
17:51:36.0389 0x0e48 C: <->
\Device\Harddisk0\DR0\Partition1
17:51:36.0390 0x0e48 ============================================================
17:51:36.0390 0x0e48 Initialize success
17:51:36.0390 0x0e48 ============================================================
17:52:12.0917 0x0f80 ============================================================
17:52:12.0917 0x0f80 Scan started
17:52:12.0917 0x0f80 Mode: Manual; SigCheck; TDLFS;
17:52:12.0917 0x0f80 ============================================================
17:52:12.0917 0x0f80 KSN ping started
17:52:15.0392 0x0f80 KSN ping finished: true
17:52:16.0436 0x0f80 ================ Scan system memory ========================
17:52:16.0436 0x0f80 System memory - ok
17:52:16.0436 0x0f80 ================ Scan services =============================
BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:52:24.0339 0x0f80 BrUsbSer - ok 17:52:24.0510 0x0f80 [ D06D2E9564B8EB6EFDAF6E44E358C52B, CB9791A28BC255E5C47F19F0345BE796226D0956E33942CB21CA113A1E7867AB ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe 17:52:24.0528 0x0f80 BstHdAndroidSvc - ok 17:52:24.0592 0x0f80 [ 0BEBC1455AD308493CC5AAB69789A251, 9E72FC030FF8D778C400FC347AC038E2C81278CAA55788A769BC55D6FD80A8F4 ] BstHdDrv C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys 17:52:24.0603 0x0f80 BstHdDrv - ok 17:52:24.0655 0x0f80 [ 0592A705BBDFD7563F3055FD02C939BB, 4712407ACAB144E64A8D130DD271A54FD4495E470A6A8A676E70EA57956B6F90 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe 17:52:24.0671 0x0f80 BstHdLogRotatorSvc - ok 17:52:24.0741 0x0f80 [ 2E0CED88F254A3929AE3167456768992, A7CB4F246DEB84FAF77E5CF7A5EA4DD457CE33EFE3009FD5645CF45D78DF1C0C ] BstHdUpdaterSvc C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe 17:52:24.0768 0x0f80 BstHdUpdaterSvc - ok 17:52:24.0797 0x0f80 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:52:24.0825 0x0f80 BTHMODEM - ok 17:52:24.0906 0x0f80 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 17:52:24.0948 0x0f80 bthserv - ok 17:52:24.0996 0x0f80 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:52:25.0039 0x0f80 cdfs - ok 17:52:25.0116 0x0f80 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:52:25.0153 0x0f80 cdrom - ok 17:52:25.0203 0x0f80 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 
17:52:25.0243 0x0f80 CertPropSvc - ok 17:52:25.0404 0x0f80 [ 23E65CFFB215D4A2A3DCA8E8A0017E5B, A28772C37BCDE7710600948AA7FAD21EEF01646CC219BD8E3D09B493D2F73243 ] CGVPNCliService C:\Program Files\CyberGhost 5\Service.exe 17:52:25.0413 0x0f80 CGVPNCliService - ok 17:52:25.0455 0x0f80 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:52:25.0485 0x0f80 circlass - ok 17:52:25.0557 0x0f80 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 17:52:25.0577 0x0f80 CLFS - ok 17:52:25.0629 0x0f80 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:52:25.0642 0x0f80 clr_optimization_v2.0.50727_32 - ok 17:52:25.0682 0x0f80 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:52:25.0692 0x0f80 clr_optimization_v2.0.50727_64 - ok 17:52:25.0770 0x0f80 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:52:25.0791 0x0f80 clr_optimization_v4.0.30319_32 - ok 17:52:25.0843 0x0f80 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:52:25.0865 0x0f80 clr_optimization_v4.0.30319_64 - ok 17:52:25.0896 0x0f80 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:52:25.0926 0x0f80 CmBatt - ok 17:52:25.0950 0x0f80 [ 
E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:52:25.0957 0x0f80 cmdide - ok 17:52:26.0052 0x0f80 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 17:52:26.0091 0x0f80 CNG - ok 17:52:26.0148 0x0f80 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:52:26.0154 0x0f80 Compbatt - ok 17:52:26.0185 0x0f80 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:52:26.0227 0x0f80 CompositeBus - ok 17:52:26.0255 0x0f80 COMSysApp - ok 17:52:26.0297 0x0f80 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:52:26.0309 0x0f80 crcdisk - ok 17:52:26.0360 0x0f80 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:52:26.0405 0x0f80 CryptSvc - ok 17:52:26.0437 0x0f80 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 17:52:26.0494 0x0f80 CSC - ok 17:52:26.0622 0x0f80 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 17:52:26.0681 0x0f80 CscService - ok 17:52:26.0756 0x0f80 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:52:26.0789 0x0f80 DcomLaunch - ok 17:52:26.0810 0x0f80 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc 
C:\Windows\System32\defragsvc.dll 17:52:26.0854 0x0f80 defragsvc - ok 17:52:26.0880 0x0f80 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:52:26.0936 0x0f80 DfsC - ok 17:52:26.0990 0x0f80 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 17:52:27.0063 0x0f80 Dhcp - ok 17:52:27.0172 0x0f80 [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack C:\Windows\system32\diagtrack.dll 17:52:27.0280 0x0f80 DiagTrack - ok 17:52:27.0302 0x0f80 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 17:52:27.0352 0x0f80 discache - ok 17:52:27.0386 0x0f80 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:52:27.0393 0x0f80 Disk - ok 17:52:27.0466 0x0f80 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:52:27.0536 0x0f80 Dnscache - ok 17:52:27.0567 0x0f80 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 17:52:27.0635 0x0f80 dot3svc - ok 17:52:27.0676 0x0f80 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 17:52:27.0739 0x0f80 DPS - ok 17:52:27.0785 0x0f80 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:52:27.0834 0x0f80 drmkaud - ok 17:52:27.0880 0x0f80 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl 
C:\Windows\System32\drivers\dxgkrnl.sys 17:52:27.0901 0x0f80 DXGKrnl - ok 17:52:27.0950 0x0f80 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD, 967829CE37158020F6026C588260FCFC6F9852DDDACD622FAF7AB75121DF5B3D ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 17:52:27.0988 0x0f80 E1G60 - ok 17:52:28.0030 0x0f80 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 17:52:28.0095 0x0f80 EapHost - ok 17:52:28.0269 0x0f80 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:52:28.0326 0x0f80 ebdrv - ok 17:52:28.0352 0x0f80 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS C:\Windows\System32\lsass.exe 17:52:28.0394 0x0f80 EFS - ok 17:52:28.0494 0x0f80 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:52:28.0630 0x0f80 ehRecvr - ok 17:52:28.0660 0x0f80 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 17:52:28.0713 0x0f80 ehSched - ok 17:52:28.0761 0x0f80 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:52:28.0774 0x0f80 elxstor - ok 17:52:28.0791 0x0f80 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:52:28.0799 0x0f80 ErrDev - ok 17:52:28.0938 0x0f80 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 17:52:29.0000 0x0f80 EventSystem - ok 17:52:29.0023 0x0f80 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat 
C:\Windows\system32\drivers\exfat.sys 17:52:29.0066 0x0f80 exfat - ok 17:52:29.0091 0x0f80 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:52:29.0116 0x0f80 fastfat - ok 17:52:29.0180 0x0f80 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 17:52:29.0250 0x0f80 Fax - ok 17:52:29.0265 0x0f80 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:52:29.0287 0x0f80 fdc - ok 17:52:29.0328 0x0f80 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 17:52:29.0368 0x0f80 fdPHost - ok 17:52:29.0391 0x0f80 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 17:52:29.0435 0x0f80 FDResPub - ok 17:52:29.0453 0x0f80 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:52:29.0460 0x0f80 FileInfo - ok 17:52:29.0482 0x0f80 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:52:29.0503 0x0f80 Filetrace - ok 17:52:29.0539 0x0f80 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:52:29.0566 0x0f80 flpydisk - ok 17:52:29.0605 0x0f80 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:52:29.0616 0x0f80 FltMgr - ok 17:52:29.0690 0x0f80 [ E612E86FA15EA1EF9A52433A2743C447, 
8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 17:52:29.0796 0x0f80 FontCache - ok 17:52:29.0837 0x0f80 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:52:29.0844 0x0f80 FontCache3.0.0.0 - ok 17:52:29.0856 0x0f80 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:52:29.0863 0x0f80 FsDepends - ok 17:52:29.0886 0x0f80 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:52:29.0893 0x0f80 Fs_Rec - ok 17:52:29.0942 0x0f80 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:52:29.0952 0x0f80 fvevol - ok 17:52:29.0988 0x0f80 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:52:29.0995 0x0f80 gagp30kx - ok 17:52:30.0034 0x0f80 [ 1543775197DD1A27D16C0FA0FF73CAFB, B149282AFA5A60CEC797B643207F2541722C360989148FBC7A06DA0EB501ABED ] GDKBFlt C:\Windows\system32\drivers\GDKBFlt64.sys 17:52:30.0039 0x0f80 GDKBFlt - ok 17:52:30.0064 0x0f80 gdrv - ok 17:52:30.0115 0x0f80 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:52:30.0120 0x0f80 GEARAspiWDM - ok 17:52:30.0254 0x0f80 [ 5AE64F0DDD7EBD1532FC70ECDB963023, 28D5F5B1B3AFC335EFC1ABD1B8EBA3C9629C6552F81670A4B5DBDFB18110C5D7 ] GoogleIMEJaCacheService C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe 17:52:30.0283 0x0f80 GoogleIMEJaCacheService - ok 17:52:30.0338 0x0f80 [ 
277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 17:52:30.0423 0x0f80 gpsvc - ok 17:52:30.0484 0x0f80 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:52:30.0492 0x0f80 gupdate - ok 17:52:30.0501 0x0f80 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:52:30.0507 0x0f80 gupdatem - ok 17:52:30.0531 0x0f80 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:52:30.0573 0x0f80 hcw85cir - ok 17:52:30.0632 0x0f80 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:52:30.0661 0x0f80 HdAudAddService - ok 17:52:30.0722 0x0f80 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:52:30.0746 0x0f80 HDAudBus - ok 17:52:30.0775 0x0f80 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:52:30.0782 0x0f80 HidBatt - ok 17:52:30.0787 0x0f80 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:52:30.0796 0x0f80 HidBth - ok 17:52:30.0800 0x0f80 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:52:30.0825 0x0f80 HidIr - ok 17:52:30.0858 0x0f80 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv 
C:\Windows\system32\hidserv.dll 17:52:30.0919 0x0f80 hidserv - ok 17:52:30.0975 0x0f80 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys 17:52:30.0992 0x0f80 HidUsb - ok 17:52:31.0011 0x0f80 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:52:31.0056 0x0f80 hkmsvc - ok 17:52:31.0122 0x0f80 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:52:31.0197 0x0f80 HomeGroupListener - ok 17:52:31.0220 0x0f80 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:52:31.0251 0x0f80 HomeGroupProvider - ok 17:52:31.0311 0x0f80 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:52:31.0318 0x0f80 HpSAMD - ok 17:52:31.0355 0x0f80 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:52:31.0405 0x0f80 HTTP - ok 17:52:31.0425 0x0f80 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:52:31.0431 0x0f80 hwpolicy - ok 17:52:31.0478 0x0f80 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:52:31.0487 0x0f80 i8042prt - ok 17:52:31.0528 0x0f80 [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:52:31.0542 0x0f80 iaStor - ok 17:52:31.0657 0x0f80 [ 545462D0DBE24AF379BA869B7C185CCD, 
056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 17:52:31.0668 0x0f80 IAStorDataMgrSvc - ok 17:52:31.0711 0x0f80 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:52:31.0724 0x0f80 iaStorV - ok 17:52:31.0852 0x0f80 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:52:31.0953 0x0f80 idsvc - ok 17:52:31.0975 0x0f80 IEEtwCollectorService - ok 17:52:32.0000 0x0f80 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:52:32.0006 0x0f80 iirsp - ok 17:52:32.0063 0x0f80 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 17:52:32.0155 0x0f80 IKEEXT - ok 17:52:32.0260 0x0f80 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 17:52:32.0275 0x0f80 Intel(R) Capability Licensing Service Interface - ok 17:52:32.0303 0x0f80 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 17:52:32.0309 0x0f80 intelide - ok 17:52:32.0345 0x0f80 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:52:32.0353 0x0f80 intelppm - ok 17:52:32.0394 0x0f80 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 
17:52:32.0443 0x0f80 IPBusEnum - ok 17:52:32.0511 0x0f80 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:52:32.0555 0x0f80 IpFilterDriver - ok 17:52:32.0604 0x0f80 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:52:32.0641 0x0f80 iphlpsvc - ok 17:52:32.0664 0x0f80 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:52:32.0696 0x0f80 IPMIDRV - ok 17:52:32.0760 0x0f80 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:52:32.0782 0x0f80 IPNAT - ok 17:52:32.0925 0x0f80 [ E61BB95A7CB49696D25A0C4EBD108156, 65D95A0DBC408AD18D5E344A5E875551E6CC044038DE438E4EA1102A234FC529 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:52:32.0949 0x0f80 iPod Service - ok 17:52:32.0973 0x0f80 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:52:33.0050 0x0f80 IRENUM - ok 17:52:33.0095 0x0f80 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:52:33.0101 0x0f80 isapnp - ok 17:52:33.0129 0x0f80 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:52:33.0138 0x0f80 iScsiPrt - ok 17:52:33.0172 0x0f80 [ D596D915CF091DA1F8CE4BD38BB5D509, 9B4D246B6886FFD9BE329F3543B819FC010661B0F70206F16ECBF25A7B12AA6F ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 17:52:33.0178 0x0f80 iusb3hcs - ok 17:52:33.0235 0x0f80 [ 023896E23B61543A15A230EED996D911, 
2F8D15B67AB2C1E87EA46F2CB9DBA564865D89DEA93A83B44A9B148883B96731 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 17:52:33.0245 0x0f80 iusb3hub - ok 17:52:33.0264 0x0f80 [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E, E7ED64DD26FD4EA04C2C32C33BDA16FB985F3C6F1F8451480A0D24375B7F57AC ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 17:52:33.0281 0x0f80 iusb3xhc - ok 17:52:33.0348 0x0f80 [ 78ABBE558F57144047F10A0F50FE4B2F, 6BE608F7697D83FD6C7E6EA422AC5637933BDC96B1044C12DE9A419CE7D6F6CE ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 17:52:33.0356 0x0f80 jhi_service - ok 17:52:33.0380 0x0f80 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 17:52:33.0386 0x0f80 kbdclass - ok 17:52:33.0420 0x0f80 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 17:52:33.0448 0x0f80 kbdhid - ok 17:52:33.0475 0x0f80 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso C:\Windows\system32\lsass.exe 17:52:33.0483 0x0f80 KeyIso - ok 17:52:33.0537 0x0f80 [ 67D1F7FA1DF9502DE12027D7C7782863, BCB92C1C11A7576FD7E91B160CBC3FB5A0C31FE028305021D7C10EC40C4D5013 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys 17:52:33.0550 0x0f80 kl1 - ok 17:52:33.0653 0x0f80 [ 2A88EFE87B5F23BA47FF7AF2DEAEB98F, 8D702249A462F8A233B594DF1B7C843A2C90F8A0D4FA7358B096020FF2C3E115 ] klflt C:\Windows\system32\DRIVERS\klflt.sys 17:52:33.0662 0x0f80 klflt - ok 17:52:33.0702 0x0f80 [ 7ED6B6805B3E1BC9DC2418F1C5C920B4, 7FF90C32C95E2141A3D3B378DDE8035C8C6EB811C087A9AF7D20C735CB74142A ] klhk C:\Windows\system32\DRIVERS\klhk.sys 17:52:33.0712 0x0f80 klhk - ok 17:52:33.0755 0x0f80 [ CD81447AB991F3E7F1FCF59CEA07D1E0, FB6EDDCA703952FAD7FEE24A75DB5C957C45C83B17D4871D1009CA24450CB040 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 17:52:33.0775 
0x0f80 KLIF - ok 17:52:33.0810 0x0f80 [ FEAD1F401CBE9383A642877A6EA1398F, 0529A96D406DAB1C0715692441BDBC1C05123EB62005B806A8EFF5B0B6DCD5DB ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 17:52:33.0817 0x0f80 KLIM6 - ok 17:52:33.0831 0x0f80 [ 3FAE739F2AFEA18BCBB9C5E7DC6E889D, 5990C074BCB8E2172AE0A2AC0A31E6636B3C3EF0A5BB1F593E62D22D53FC5BF0 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 17:52:33.0837 0x0f80 klkbdflt - ok 17:52:33.0863 0x0f80 [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 17:52:33.0869 0x0f80 klmouflt - ok 17:52:33.0907 0x0f80 [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd C:\Windows\system32\DRIVERS\klpd.sys 17:52:33.0913 0x0f80 klpd - ok 17:52:33.0931 0x0f80 [ 5BB9E329FE48904108BBBF9C73073920, 402E88770C12C9E8D809D2A8C130CA9E5083CDB1D50C38D4CE2F0D24F2D32E82 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 17:52:33.0938 0x0f80 kltdi - ok 17:52:33.0966 0x0f80 [ D043624FE4AE0A4894A785097C02EF09, 2259CA9BAC73902D291176AB689C101CACE115A8A1C2E6824CC66E928FA27552 ] kneps C:\Windows\system32\DRIVERS\kneps.sys 17:52:33.0974 0x0f80 kneps - ok 17:52:34.0005 0x0f80 [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:52:34.0012 0x0f80 KSecDD - ok 17:52:34.0074 0x0f80 [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:52:34.0090 0x0f80 KSecPkg - ok 17:52:34.0107 0x0f80 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:52:34.0149 0x0f80 ksthunk - ok 17:52:34.0200 0x0f80 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm 
17:52:48.0953 0x0f80 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:52:48.0989 0x0f80 usbuhci - ok 17:52:49.0023 0x0f80 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 17:52:49.0064 0x0f80 UxSms - ok 17:52:49.0109 0x0f80 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc C:\Windows\system32\lsass.exe 17:52:49.0116 0x0f80 VaultSvc - ok 17:52:49.0144 0x0f80 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:52:49.0152 0x0f80 vdrvroot - ok 17:52:49.0186 0x0f80 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 17:52:49.0218 0x0f80 vds - ok 17:52:49.0253 0x0f80 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:52:49.0262 0x0f80 vga - ok 17:52:49.0284 0x0f80 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 17:52:49.0326 0x0f80 VgaSave - ok 17:52:49.0328 0x0f80 VGPU - ok 17:52:49.0382 0x0f80 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:52:49.0406 0x0f80 vhdmp - ok 17:52:49.0627 0x0f80 [ 3CCC0D9607419AC28B4216C18F6FA5E9, D51049B48EAC426C78C0651630BE6995E78E3E0E045AA4A8C7285A9941BF22A3 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 17:52:49.0755 0x0f80 VIAHdAudAddService - ok 17:52:49.0776 0x0f80 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide 
C:\Windows\system32\drivers\viaide.sys 17:52:49.0783 0x0f80 viaide - ok 17:52:49.0819 0x0f80 [ 888450E821E7A66CB8A4E5B7A01BA5C5, 9D78E82F533D045CB47E4BF452C1BF3F5451A71171D7D11E744CFA03C154D242 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe 17:52:49.0826 0x0f80 VIAKaraokeService - ok 17:52:49.0871 0x0f80 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 17:52:49.0887 0x0f80 vmbus - ok 17:52:49.0900 0x0f80 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 17:52:49.0907 0x0f80 VMBusHID - ok 17:52:49.0919 0x0f80 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:52:49.0927 0x0f80 volmgr - ok 17:52:49.0952 0x0f80 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:52:49.0972 0x0f80 volmgrx - ok 17:52:50.0003 0x0f80 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:52:50.0023 0x0f80 volsnap - ok 17:52:50.0066 0x0f80 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:52:50.0076 0x0f80 vsmraid - ok 17:52:50.0221 0x0f80 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 17:52:50.0319 0x0f80 VSS - ok 17:52:50.0393 0x0f80 [ 316A1762BD41C3DB06EB484527838E2D, D358F9008F347BCE673C9EA5027FE9A2C169943A775DF012364965643C9AB794 ] VUSB3HUB C:\Windows\system32\DRIVERS\ViaHub3.sys 17:52:50.0427 0x0f80 VUSB3HUB - ok 17:52:50.0458 0x0f80 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 
3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:52:50.0492 0x0f80 vwifibus - ok 17:52:50.0560 0x0f80 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:52:50.0571 0x0f80 vwififlt - ok 17:52:50.0636 0x0f80 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 17:52:50.0677 0x0f80 W32Time - ok 17:52:50.0696 0x0f80 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:52:50.0722 0x0f80 WacomPen - ok 17:52:50.0774 0x0f80 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:52:50.0830 0x0f80 WANARP - ok 17:52:50.0835 0x0f80 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:52:50.0855 0x0f80 Wanarpv6 - ok 17:52:50.0999 0x0f80 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:52:51.0050 0x0f80 WatAdminSvc - ok 17:52:51.0251 0x0f80 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 17:52:51.0359 0x0f80 wbengine - ok 17:52:51.0384 0x0f80 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:52:51.0419 0x0f80 WbioSrvc - ok 17:52:51.0524 0x0f80 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:52:51.0574 0x0f80 wcncsvc - ok 
17:52:51.0600 0x0f80 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:52:51.0619 0x0f80 WcsPlugInService - ok 17:52:51.0639 0x0f80 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:52:51.0647 0x0f80 Wd - ok 17:52:51.0686 0x0f80 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:52:51.0720 0x0f80 Wdf01000 - ok 17:52:51.0769 0x0f80 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:52:51.0821 0x0f80 WdiServiceHost - ok 17:52:51.0832 0x0f80 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:52:51.0841 0x0f80 WdiSystemHost - ok 17:52:51.0894 0x0f80 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 17:52:51.0953 0x0f80 WebClient - ok 17:52:52.0001 0x0f80 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:52:52.0069 0x0f80 Wecsvc - ok 17:52:52.0088 0x0f80 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:52:52.0126 0x0f80 wercplsupport - ok 17:52:52.0166 0x0f80 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 17:52:52.0195 0x0f80 WerSvc - ok 17:52:52.0228 0x0f80 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf 
C:\Windows\system32\DRIVERS\wfplwf.sys 17:52:52.0275 0x0f80 WfpLwf - ok 17:52:52.0312 0x0f80 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:52:52.0319 0x0f80 WIMMount - ok 17:52:52.0329 0x0f80 WinDefend - ok 17:52:52.0350 0x0f80 WinHttpAutoProxySvc - ok 17:52:52.0440 0x0f80 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:52:52.0466 0x0f80 Winmgmt - ok 17:52:52.0767 0x0f80 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 17:52:52.0871 0x0f80 WinRM - ok 17:52:52.0937 0x0f80 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 17:52:52.0961 0x0f80 WinUsb - ok 17:52:53.0076 0x0f80 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:52:53.0139 0x0f80 Wlansvc - ok 17:52:53.0184 0x0f80 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:52:53.0220 0x0f80 WmiAcpi - ok 17:52:53.0268 0x0f80 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:52:53.0286 0x0f80 wmiApSrv - ok 17:52:53.0328 0x0f80 WMPNetworkSvc - ok 17:52:53.0353 0x0f80 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:52:53.0405 0x0f80 WPCSvc - ok 17:52:53.0440 0x0f80 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:52:53.0469 0x0f80 
WPDBusEnum - ok 17:52:53.0496 0x0f80 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:52:53.0536 0x0f80 ws2ifsl - ok 17:52:53.0571 0x0f80 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 17:52:53.0602 0x0f80 wscsvc - ok 17:52:53.0604 0x0f80 WSearch - ok 17:52:53.0785 0x0f80 [ E1C281225E6ECB16BC675D0687077E40, 79CD615FB6A05F791A554FC83717D2805829D07E16E96C2A9B41FF50847B5504 ] WSWNA3100 C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 17:52:53.0807 0x0f80 WSWNA3100 - ok 17:52:54.0121 0x0f80 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll 17:52:54.0246 0x0f80 wuauserv - ok 17:52:54.0273 0x0f80 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:52:54.0296 0x0f80 WudfPf - ok 17:52:54.0327 0x0f80 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:52:54.0361 0x0f80 WUDFRd - ok 17:52:54.0391 0x0f80 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:52:54.0424 0x0f80 wudfsvc - ok 17:52:54.0496 0x0f80 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 17:52:54.0551 0x0f80 WwanSvc - ok 17:52:54.0625 0x0f80 [ FFDB0ED9D1D453F7F19DE55FE0706195, 926982B6204B3820AF3F9FE5A423938587E07CE1832B103AD77C5AEC2762DF3E ] xhcdrv C:\Windows\system32\DRIVERS\xhcdrv.sys 17:52:54.0668 0x0f80 xhcdrv - ok 17:52:54.0722 0x0f80 ================ Scan global =============================== 17:52:54.0761 0x0f80 [ 
BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 17:52:54.0822 0x0f80 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 17:52:54.0842 0x0f80 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 17:52:54.0876 0x0f80 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 17:52:54.0905 0x0f80 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 17:52:54.0913 0x0f80 [ Global ] - ok 17:52:54.0913 0x0f80 ================ Scan MBR ================================== 17:52:54.0930 0x0f80 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:52:55.0159 0x0f80 \Device\Harddisk0\DR0 - ok 17:52:55.0162 0x0f80 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 17:52:55.0237 0x0f80 \Device\Harddisk1\DR1 - ok 17:52:55.0238 0x0f80 ================ Scan VBR ================================== 17:52:55.0260 0x0f80 [ 8633AD49C0C5497AF10BBBAEF545ED92 ] \Device\Harddisk0\DR0\Partition1 17:52:55.0261 0x0f80 \Device\Harddisk0\DR0\Partition1 - ok 17:52:55.0264 0x0f80 [ 9A8777CC4D48614CE5FC2BF9183695C8 ] \Device\Harddisk1\DR1\Partition1 17:52:55.0265 0x0f80 \Device\Harddisk1\DR1\Partition1 - ok 17:52:55.0265 0x0f80 ================ Scan generic autorun ====================== 17:52:55.0271 0x0f80 Platinum - ok 17:52:55.0271 0x0f80 Trend Micro Client Framework - ok 17:52:55.0363 0x0f80 [ 6B90AE01904E5071226E2D2C4397FE52, F58DEC674B2D30AD67347708E4739E9ED2D4774B48CFD30E6009F7412EC597BC ] C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe 17:52:55.0419 0x0f80 Google Japanese Input Prelauncher - ok 17:52:55.0508 0x0f80 [ 
5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe 17:52:55.0560 0x0f80 StartCCC - ok 17:52:55.0593 0x0f80 [ 968EDA6EA6E00DFAE78586BFA6322B74, 8F3A01704E67D2F9212A08F0D5B4FF15DEE4791E1BB303DF4C9CF7DD3871E6E5 ] C:\VIA_XHCI\usb3Monitor.exe 17:52:55.0628 0x0f80 VIAxHCUtl - detected UnsignedFile.Multi.Generic ( 1 ) 17:52:58.0124 0x0f80 Detect skipped due to KSN trusted 17:52:58.0124 0x0f80 VIAxHCUtl - ok 17:52:58.0139 0x0f80 G Data ASM - ok 17:52:58.0194 0x0f80 [ 20769F05B2A6EBF78CF3D82ED0063236, 5D89FC2DF6E13BB062B723CA85C0EF10253ACE64EBA064A58A362DC581573C1E ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 17:52:58.0204 0x0f80 iTunesHelper - ok 17:52:58.0343 0x0f80 [ 02926E66A3E909194725D30911C0AEEF, 88CC5FDD229A9FD2B0F6D628D27032901B5CA5B6815294EACCC8EEE65279F664 ] C:\Program Files (x86)\BlueStacks\HD-Agent.exe 17:52:58.0371 0x0f80 BlueStacks Agent - ok 17:52:58.0455 0x0f80 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 17:52:58.0514 0x0f80 Sidebar - ok 17:52:58.0536 0x0f80 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 17:52:58.0547 0x0f80 mctadmin - ok 17:52:58.0589 0x0f80 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 17:52:58.0613 0x0f80 Sidebar - ok 17:52:58.0627 0x0f80 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 17:52:58.0639 0x0f80 mctadmin - ok 17:52:58.0709 0x0f80 [ EF5B914540364AA5BA7672DFDFE5EEF1, 1A6CB9E88635849C6568E8748B3EF5E383EBF5E7C0299BBD3B8613EA6455024E ] C:\Program Files\CyberGhost 5\CyberGhost.exe 17:52:58.0756 0x0f80 CyberGhost - ok 
17:52:58.0797 0x0f80 Skype - ok
17:52:58.0798 0x0f80 Waiting for KSN requests completion. In queue: 106
17:52:59.0798 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:00.0798 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:01.0798 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:02.0798 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:03.0798 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:04.0798 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:05.0798 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:06.0798 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:07.0799 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:08.0799 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:09.0799 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:10.0799 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:11.0799 0x0f80 Waiting for KSN requests completion. In queue: 106
17:53:12.0888 0x0f80 AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\wmiav.exe ( 15.0.0.463 ), 0x41000 ( enabled : updated )
17:53:12.0974 0x0f80 FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\wmifw.exe ( 15.0.0.463 ), 0x41010 ( enabled )
17:53:15.0441 0x0f80 ============================================================
17:53:15.0441 0x0f80 Scan finished
17:53:15.0441 0x0f80 ============================================================
17:53:15.0446 0x130c Detected object count: 0
17:53:15.0446 0x130c Actual detected object count: 0 |
03.06.2015, 11:46 | #6 |
/// the machine /// TB trainer | Windows "not genuine" message hi, scan with Combofix |
03.06.2015, 15:18 | #7 |
| Windows "not genuine" message Hi, [CODE] Combofix log file: Code:
ComboFix 15-05-31.01 - Aaron 03.06.2015 15:48:00.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.7654.3626 [GMT 2:00]
ausgeführt von:: c:\users\Aaron\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-05-03 bis 2015-06-03 ))))))))))))))))))))))))))))))
.
.
2015-06-02 15:51 . 2015-06-02 15:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF0D3F8D-7C09-4A03-A073-D6AE0D7C802F}\offreg.5080.dll
2015-06-02 15:50 . 2015-06-02 15:50 136408 ----a-w- c:\windows\system32\drivers\20C31D9D.sys
2015-06-02 15:50 . 2015-06-02 15:50 107736 ----a-w- c:\windows\system32\drivers\7EF21D72.sys
2015-06-02 15:09 . 2015-06-02 15:09 -------- d-----w- c:\programdata\Malwarebytes
2015-06-02 15:09 . 2015-06-02 15:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-02 15:09 . 2015-06-02 15:09 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-02 15:07 . 2015-06-02 15:07 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-02 15:00 . 2015-06-02 15:00 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-05-31 18:09 . 2015-06-01 15:45 -------- d-----w- C:\FRST
2015-05-31 08:57 . 2015-05-31 08:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF0D3F8D-7C09-4A03-A073-D6AE0D7C802F}\offreg.4348.dll
2015-05-29 20:29 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF0D3F8D-7C09-4A03-A073-D6AE0D7C802F}\mpengine.dll
2015-05-28 19:37 . 2015-05-28 19:37 -------- d-----w- c:\users\Aaron\.android
2015-05-28 19:20 . 2015-05-29 20:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-05-28 19:20 . 2015-05-29 20:22 -------- d-----r- c:\program files (x86)\Skype
2015-05-20 21:50 . 2015-05-20 21:50 -------- d-----w- c:\windows\SysWow64\Wat
2015-05-20 21:50 . 2015-05-20 21:50 -------- d-----w- c:\windows\system32\Wat
2015-05-19 17:22 . 2015-05-19 17:22 -------- d-----w- c:\users\Aaron\AppData\Local\Apple Computer
2015-05-19 17:22 . 2015-05-19 17:22 -------- d-----w- c:\users\Aaron\AppData\Roaming\Apple Computer
2015-05-19 17:21 . 2012-10-03 14:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2015-05-19 17:21 . 2015-05-19 17:21 -------- dc----w- c:\windows\system32\DRVSTORE
2015-05-19 17:21 . 2015-05-19 17:21 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-19 17:21 . 2015-05-19 17:21 -------- d-----w- c:\program files\iTunes
2015-05-19 17:21 . 2015-05-19 17:21 -------- d-----w- c:\program files (x86)\iTunes
2015-05-19 17:21 . 2015-05-19 17:21 -------- d-----w- c:\programdata\Apple Computer
2015-05-19 17:21 . 2015-05-19 17:21 -------- d-----w- c:\program files\iPod
2015-05-19 17:20 . 2015-05-19 17:20 -------- d-----w- c:\users\Aaron\AppData\Local\Apple
2015-05-19 17:20 . 2015-05-21 20:04 -------- d-----w- c:\program files\Common Files\Apple
2015-05-19 17:19 . 2015-05-21 20:04 -------- d-----w- c:\program files (x86)\Common Files\Apple
2015-05-19 17:19 . 2015-05-21 20:03 -------- d-----w- c:\programdata\Apple
2015-05-19 15:24 . 2015-05-19 15:24 -------- d-----w- c:\programdata\InstallShield
2015-05-19 15:24 . 2015-05-19 15:24 -------- d-----w- c:\windows\system32\AGEIA
2015-05-19 15:24 . 2015-05-19 15:24 -------- d-----w- c:\windows\SysWow64\AGEIA
2015-05-19 15:24 . 2015-05-19 15:24 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2015-05-19 15:24 . 2015-05-19 15:24 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2015-05-19 15:24 . 2015-05-31 08:49 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2015-05-19 15:24 . 2015-05-31 08:49 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2015-05-19 15:21 . 2015-05-19 15:21 -------- d-----w- c:\program files (x86)\Focus
2015-05-19 15:21 . 2004-08-09 04:04 73728 ----a-w- c:\windows\SysWow64\ISUSPM.cpl
2015-05-19 15:21 . 2004-08-09 04:03 221184 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2015-05-19 15:21 . 2004-08-09 04:03 385024 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2015-05-19 15:21 . 2004-08-09 04:03 368640 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2015-05-19 15:21 . 2004-08-09 04:03 81920 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2015-05-19 15:21 . 2004-08-09 04:02 217088 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2015-05-19 15:21 . 2004-08-09 04:03 512000 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2015-05-19 15:18 . 2004-10-22 00:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2015-05-19 15:18 . 2004-10-22 00:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2015-05-19 15:18 . 2004-10-22 00:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2015-05-19 15:18 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2015-05-19 15:18 . 2015-05-19 15:18 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2015-05-19 15:18 . 2004-10-22 00:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2015-05-19 15:18 . 2015-05-19 15:18 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2015-05-17 18:00 . 2015-05-17 18:00 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2015-05-14 20:52 . 2013-05-06 07:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2015-05-14 20:51 . 2015-05-14 20:51 -------- d-----w- c:\windows\ELAMBKUP
2015-05-14 20:51 . 2015-06-03 13:54 -------- d-----w- c:\programdata\Kaspersky Lab
2015-05-14 20:51 . 2015-05-14 20:51 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2015-05-14 20:51 . 2015-05-17 19:49 793800 ----a-w- c:\windows\system32\drivers\klif.sys
2015-05-14 20:51 . 2015-05-17 19:49 141320 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-05-14 20:51 . 2014-04-10 15:25 243808 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-05-13 11:20 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:20 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:58 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 08:57 . 2015-04-08 03:29 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2015-05-08 21:03 . 2015-05-08 21:03 -------- d-----w- c:\users\Aaron\AppData\Local\Steam
2015-05-08 20:58 . 2015-05-10 16:42 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-05-04 17:03 . 2015-05-29 20:22 -------- d-----w- c:\programdata\BlueStacksSetup
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-26 16:16 . 2014-11-01 12:17 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-26 16:16 . 2014-11-01 12:17 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-13 11:22 . 2009-10-14 05:12 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-01 09:56 . 2015-05-01 09:56 21840 ----a-w- c:\windows\SysWow64\SIntfNT.dll
2015-05-01 09:56 . 2015-05-01 09:56 17212 ----a-w- c:\windows\SysWow64\SIntf32.dll
2015-05-01 09:56 . 2015-05-01 09:56 12067 ----a-w- c:\windows\SysWow64\SIntf16.dll
2015-04-27 19:04 . 2015-05-13 08:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 15:40 . 2015-04-14 16:28 20992 ----a-w- c:\windows\system32\drivers\GDKBFlt64.sys
2015-03-25 03:24 . 2015-04-15 15:19 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 15:19 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 15:19 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 15:19 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 15:19 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 15:19 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 15:19 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 15:19 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 15:19 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 15:19 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 15:19 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 15:19 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 15:19 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 15:19 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 15:19 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 15:19 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 15:19 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 15:19 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 15:19 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 15:19 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 15:19 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 15:19 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 15:19 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 15:19 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-15 16:56 . 2015-03-15 16:56 236080 ----a-w- c:\windows\RegBootClean64.exe
2015-03-13 09:23 . 2015-03-13 09:23 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-03-10 03:25 . 2015-04-15 15:19 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 15:19 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 15:19 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 15:19 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberGhost"="c:\program files\CyberGhost 5\CyberGhost.exe" [2015-05-21 430048]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-05-14 28917376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Google Japanese Input Prelauncher"="c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" [2013-12-18 1435672]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2015-03-12 331776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2015-04-06 157480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Genie.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2015-3-12 8266456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ GIMEJA.IME
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x]
S1
klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x] S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe;c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 
VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x] S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2015-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-11 16:16] . 
2015-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-22 22:52] . 2015-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-22 22:52] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{4857B833-3EF8-4626-880E-BEF4F16D68AD}: NameServer = 95.169.183.219,89.41.60.38 FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\ FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 . . ------- Dateityp-Verknüpfung ------- . inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1 txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKLM-Run-G Data ASM - c:\program files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe Wow6432Node-HKLM-Run-BlueStacks Agent - c:\program files (x86)\BlueStacks\HD-Agent.exe Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM-Run-Platinum - c:\program files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe HKLM-Run-Trend Micro Client Framework - c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,d5,40,14,58,7c,c0,46,bd,f4,88,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,d5,40,14,58,7c,c0,46,bd,f4,88,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.17" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-06-03 15:59:34 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-06-03 13:59 . Vor Suchlauf: 11 Verzeichnis(se), 130.554.417.152 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 130.121.367.552 Bytes frei . - - End Of File - - 4B4BA47D141F2862242D316EE8F7BB99 |
04.06.2015, 10:59 | #8 |
/// the machine /// TB Trainer | Windows "not genuine" message Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
04.06.2015, 17:28 | #9 |
| Windows "not genuine" message Here are the results Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 04.06.2015
Suchlauf-Zeit: 17:08:40
Logdatei: MB.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.04.03
Rootkit Datenbank: v2015.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Aaron

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 359173
Verstrichene Zeit: 14 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 8
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [0f6a88bbf09a122418874a361ae99d63],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [0f6a88bbf09a122418874a361ae99d63],
PUP.Optional.ViView.A, C:\Users\Aaron\AppData\Roaming\vi-view, In Quarantäne, [ee8b7ec5e6a4082e3123e6b644bf06fa],
PUP.Optional.ViView.A, C:\Users\Aaron\AppData\Roaming\vi-view\log, In Quarantäne, [ee8b7ec5e6a4082e3123e6b644bf06fa],
PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real, In Quarantäne, [ccade1626a2032044232693343c0d22e],
PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin, In Quarantäne, [ccade1626a2032044232693343c0d22e],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [651456edb4d6c96d2f077c211be8d030],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [651456edb4d6c96d2f077c211be8d030],

Dateien: 2
PUP.Optional.ViView.A, C:\Users\Aaron\AppData\Roaming\vi-view\log\UninstallManager_2015-01-09[17-32-21-525].log, In Quarantäne, [ee8b7ec5e6a4082e3123e6b644bf06fa],
PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\BrowserAdapter.7z, In Quarantäne, [ccade1626a2032044232693343c0d22e],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
Code:
# AdwCleaner v4.206 - Bericht erstellt 04/06/2015 um 17:47:16
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-01.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Aaron - HEIM
# Gestarted von : C:\Users\Aaron\Downloads\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Program Files\Hola
Ordner Gelöscht : C:\Users\Aaron\AppData\Local\Hola
Ordner Gelöscht : C:\Users\Aaron\AppData\Roaming\RHEng
Datei Gelöscht : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\user.js
Datei Gelöscht : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\ktw5ym78.dev-edition-default\user.js

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\OCS
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Mozilla Firefox v38.0.5 (x86 de)

-\\ Pale Moon v25.3.1 (en-US)

*************************

AdwCleaner[R0].txt - [1514 Bytes] - [04/06/2015 17:25:11]
AdwCleaner[R1].txt - [1573 Bytes] - [04/06/2015 17:31:02]
AdwCleaner[S0].txt - [1447 Bytes] - [04/06/2015 17:47:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1506 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Windows 7 Ultimate x64
Ran by Aaron on 04.06.2015 at 18:06:20,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\SPEEDAUTOCLICKER.EXE-49C7D7B2.pf

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\Aaron\AppData\Roaming\mozilla\firefox\profiles\55itt523.default\searchplugins\youtube-video-search.xml
Emptied folder: C:\Users\Aaron\AppData\Roaming\mozilla\firefox\profiles\55itt523.default\minidumps [249 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.06.2015 at 18:08:13,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by Aaron (administrator) on HEIM on 04-06-2015 18:15:31 Running from C:\Users\Aaron\Downloads Loaded Profiles: Aaron (Available Profiles: Aaron) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Platinum] => "C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe" -StartUp HKLM\...\Run: [Trend Micro Client Framework] => "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1435672 2013-12-18] (Google Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2015-03-12] (VIA Technologies, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.) HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-05-21] (CyberGhost S.R.L.) HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2015-03-12] ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000 -> {FDE77B5B-F923-4C0E-BAD4-29914B67A6C0} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-17] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> 
{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-17] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4857B833-3EF8-4626-880E-BEF4F16D68AD}: [NameServer] 95.169.183.219,89.41.60.38 FireFox: ======== FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default FF DefaultSearchEngine: DuckDuckGo FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-26] () FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-05-20] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-26] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-17] () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-17] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-17] () FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-05-20] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.) 
FF Plugin HKU\S-1-5-21-2455565853-2773199953-1460756191-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\searchplugins\google-images.xml [2014-11-01]
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\searchplugins\google-maps.xml [2014-11-01]
FF Extension: YouTube Unblocker - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\youtubeunblocker@unblocker.yt [2015-05-29]
FF Extension: Ghostery - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\firefox@ghostery.com.xpi [2015-01-18]
FF Extension: Tab for a Cause - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\tabforacause@tabforacause.org.xpi [2014-12-21]
FF Extension: NoScript - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-01]
FF Extension: VideoService - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{9d58e825-a4eb-4a2c-9736-3b0d51b3c8c5}.xpi [2014-12-20]
FF Extension: Adblock Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF Extension: BetterPrivacy - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-02-02]
FF Extension: {f9f3dafd-5da0-4d41-a597-c11bf9609e1b} - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{f9f3dafd-5da0-4d41-a597-c11bf9609e1b}.xpi [2014-12-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-14]
FF HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\extensions\cliqz@cliqz.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [754712 2013-12-18] (Google Inc.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2015-05-31] ()
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-04-15] (G Data Software AG)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-05-17] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-05-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2015-05-31] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 18:08 - 2015-06-04 18:08 - 00001090 _____ () C:\Users\Aaron\Desktop\JRT.txt
2015-06-04 18:06 - 2015-06-04 18:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HEIM-Windows-7-Ultimate-(64-bit).dat
2015-06-04 18:06 - 2015-06-04 18:06 - 00000000 ____D () C:\RegBackup
2015-06-04 18:02 - 2015-06-04 18:03 - 02942610 _____ (Thisisu) C:\Users\Aaron\Downloads\JRT.exe
2015-06-04 17:51 - 2015-06-04 17:51 - 00001586 _____ () C:\Users\Aaron\Desktop\AdwCleaner[S0].txt
2015-06-04 17:25 - 2015-06-04 17:47 - 00000000 ____D () C:\AdwCleaner
2015-06-04 17:24 - 2015-06-04 17:24 - 02231296 _____ () C:\Users\Aaron\Downloads\AdwCleaner_4.206.exe
2015-06-04 17:24 - 2015-06-04 17:24 - 00002387 _____ () C:\Users\Aaron\Desktop\MB.txt
2015-06-04 17:07 - 2015-06-04 17:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-04 17:07 - 2015-06-04 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-04 17:07 - 2015-06-04 17:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-04 17:07 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-04 17:07 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-04 17:06 - 2015-06-04 17:07 - 21546080 _____ (Malwarebytes Corporation )
C:\Users\Aaron\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-03 22:41 - 2015-06-03 22:41 - 00000211 _____ () C:\Users\Aaron\Desktop\Idl.txt 2015-06-03 15:59 - 2015-06-03 15:59 - 00027183 _____ () C:\ComboFix.txt 2015-06-03 15:46 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-06-03 15:46 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-06-03 15:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-06-03 15:45 - 2015-06-03 15:59 - 00000000 ____D () C:\Qoobox 2015-06-03 15:45 - 2015-06-03 15:58 - 00000000 ____D () C:\Windows\erdnt 2015-06-03 15:44 - 2015-06-03 15:44 - 05628238 ____R (Swearware) C:\Users\Aaron\Downloads\ComboFix.exe 2015-06-02 17:50 - 2015-06-02 17:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\20C31D9D.sys 2015-06-02 17:50 - 2015-06-02 17:50 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7EF21D72.sys 2015-06-02 17:24 - 2015-06-03 15:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-06-02 17:09 - 2015-06-04 17:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-02 17:09 - 2015-06-04 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-06-02 17:09 - 2015-06-02 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-02 17:08 - 2015-06-02 17:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Aaron\Downloads\tdsskiller.exe 2015-06-02 17:07 - 2015-06-02 17:51 - 00000000 ____D () C:\Users\Aaron\Desktop\mbar 2015-06-02 17:07 - 2015-06-02 17:07 - 16502728 _____ 
(Malwarebytes Corp.) C:\Users\Aaron\Downloads\mbar-1.09.1.1004.exe 2015-06-02 17:07 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-02 17:00 - 2015-06-02 17:00 - 00001268 _____ () C:\Users\Aaron\Desktop\Revo Uninstaller.lnk 2015-06-02 17:00 - 2015-06-02 17:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-06-02 16:59 - 2015-06-02 17:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Aaron\Downloads\revosetup95.exe 2015-06-01 17:50 - 2015-06-01 17:50 - 00057739 _____ () C:\Users\Aaron\Desktop\FRST.txt 2015-06-01 17:50 - 2015-06-01 17:50 - 00030288 _____ () C:\Users\Aaron\Desktop\Addition.txt 2015-05-31 20:10 - 2015-06-01 17:45 - 00030288 _____ () C:\Users\Aaron\Downloads\Addition.txt 2015-05-31 20:09 - 2015-06-04 18:15 - 00017020 _____ () C:\Users\Aaron\Downloads\FRST.txt 2015-05-31 20:09 - 2015-06-04 18:15 - 00000000 ____D () C:\FRST 2015-05-31 20:08 - 2015-05-31 20:08 - 02108928 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe 2015-05-31 10:47 - 2015-05-31 10:47 - 00235936 _____ (Tagès SA) C:\Users\Aaron\Downloads\TagesSetup_x64.exe 2015-05-29 20:40 - 2015-05-29 20:40 - 00159144 _____ (Microsoft Corporation) C:\Users\Aaron\Downloads\WindowsActivationUpdate.exe 2015-05-28 21:37 - 2015-05-28 21:37 - 00000000 ____D () C:\Users\Aaron\.android 2015-05-28 21:20 - 2015-05-29 22:22 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-05-28 21:20 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-28 21:20 - 2015-05-28 21:20 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-05-28 20:44 - 2015-05-28 20:46 - 14155832 _____ (BlueStack Systems Inc.) C:\Users\Aaron\Downloads\BlueStacks-ThinInstaller(1).exe 2015-05-28 20:36 - 2015-05-28 20:36 - 01384064 _____ (Skype Technologies S.A.) 
C:\Users\Aaron\Downloads\SkypeSetup.exe 2015-05-26 22:15 - 2015-05-26 23:21 - 00020125 _____ () C:\Users\Aaron\Documents\SEminario.odt 2015-05-25 16:01 - 2015-05-25 16:01 - 00000000 ____D () C:\Users\Aaron\Downloads\Passage 2015-05-25 16:00 - 2015-05-25 16:00 - 00497214 _____ () C:\Users\Aaron\Downloads\Passage_v3_Windows(1).exe 2015-05-24 22:17 - 2015-05-24 22:17 - 00000592 _____ () C:\Users\Aaron\Documents\Taddl.txt 2015-05-20 17:08 - 2015-06-04 18:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-20 17:08 - 2015-06-04 17:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-20 17:08 - 2015-05-20 17:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-20 17:08 - 2015-05-20 17:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-19 19:22 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-05-19 19:22 - 2015-05-19 19:22 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Apple Computer 2015-05-19 19:22 - 2015-05-19 19:22 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Apple Computer 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\Program Files\iTunes 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\Program Files\iPod 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-05-19 19:21 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-05-19 19:20 - 2015-05-21 22:04 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-05-19 19:20 - 2015-05-19 19:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Apple 2015-05-19 19:19 - 2015-05-21 22:03 - 00000000 ____D () C:\ProgramData\Apple 2015-05-19 19:02 - 2015-05-19 19:15 - 121283888 _____ (Apple Inc.) C:\Users\Aaron\Downloads\itunes64setup.exe 2015-05-19 18:40 - 2015-05-19 18:49 - 108728624 _____ (Apple Inc.) C:\Users\Aaron\Downloads\iTunesSetup.exe 2015-05-19 17:24 - 2015-05-31 10:49 - 00088480 _____ () C:\Windows\system32\Drivers\atksgt.sys 2015-05-19 17:24 - 2015-05-31 10:49 - 00046400 _____ () C:\Windows\system32\Drivers\lirsgt.sys 2015-05-19 17:24 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA 2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA 2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\Windows\system32\AGEIA 2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\ProgramData\InstallShield 2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-05-19 17:23 - 2015-05-19 17:23 - 00002358 _____ () C:\Users\Public\Desktop\Sherlock Holmes jagt Arsene Lupin spielen.lnk 2015-05-19 17:23 - 2015-05-19 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus 2015-05-19 17:21 - 2015-05-19 17:21 - 00002068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk 2015-05-19 17:21 - 2015-05-19 17:21 - 00000000 ____D () C:\Program Files (x86)\Focus 2015-05-19 17:21 - 2004-08-09 06:04 - 00073728 _____ (InstallShield Software Corporation) C:\Windows\SysWOW64\ISUSPM.cpl 2015-05-14 22:53 - 2015-05-18 15:05 - 00002334 _____ () C:\Users\Aaron\Desktop\Sicherer Zahlungsverkehr.lnk 2015-05-14 22:52 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-05-14 
22:52 - 2015-05-14 22:52 - 00001196 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2015-05-14 22:52 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-05-14 22:51 - 2015-06-04 18:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-05-14 22:51 - 2015-05-17 21:49 - 00793800 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-05-14 22:51 - 2015-05-17 21:49 - 00141320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-05-14 22:51 - 2015-05-14 22:51 - 00000000 ____D () C:\Windows\ELAMBKUP 2015-05-14 22:51 - 2015-05-14 22:51 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-05-14 22:51 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-05-14 22:43 - 2015-05-14 22:48 - 176562784 _____ () C:\Users\Aaron\Downloads\kis15.0.0.463de_6508.exe 2015-05-13 13:20 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 13:20 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 10:59 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 10:59 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 10:59 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 10:59 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 10:59 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 10:59 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 10:59 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 10:59 - 2015-04-21 18:51 - 00066560 
_____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 10:59 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 10:59 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 10:59 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 10:59 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 10:59 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 10:59 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 10:59 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 10:59 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 10:59 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 10:59 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 10:59 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 10:59 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 10:59 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 10:59 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 10:59 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 10:59 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 10:59 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 10:59 - 2015-04-21 18:14 - 00077824 
_____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 10:59 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 10:59 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 10:59 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 10:59 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 10:59 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 10:59 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 10:59 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 10:59 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 10:59 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 10:59 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 10:59 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 10:59 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 10:59 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 10:59 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 10:59 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 10:59 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 10:59 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 10:59 - 2015-04-21 17:48 - 00418304 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 10:59 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 10:59 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 10:59 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 10:59 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 10:59 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 10:59 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 10:59 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 10:59 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 10:59 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 10:59 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 10:59 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 10:59 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 10:59 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 10:59 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 10:59 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 10:59 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 10:59 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 10:59 - 2015-04-21 16:56 - 00710144 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 10:59 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 10:59 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 10:58 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 10:58 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 10:58 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 10:58 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00243712 _____ (Microsoft 
Corporation) C:\Windows\system32\wow64.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-13 10:58 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 
2015-05-13 10:58 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 10:58 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 10:58 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 10:58 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 10:58 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 10:58 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 10:58 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 10:58 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 10:58 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 10:58 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 10:58 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 10:58 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 10:58 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 10:58 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 10:58 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 10:58 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 10:58 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 10:58 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 10:58 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 10:58 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 10:58 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 10:58 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 10:58 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 10:58 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 10:58 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 10:58 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 10:58 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 10:58 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 10:58 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 10:58 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 10:58 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 10:58 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 10:58 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 10:58 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 10:57 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 10:57 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 10:57 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 10:57 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 10:57 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 10:57 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 10:57 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 10:57 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 10:57 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 10:57 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 10:57 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 10:57 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 10:57 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 10:57 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:23 - 2015-05-12 17:23 - 00005710 _____ () C:\Users\Aaron\Downloads\idlesave(1)
2015-05-10 21:09 - 2015-05-10 21:09 - 00003756 _____ () C:\Users\Aaron\Downloads\idlesave
2015-05-08 23:03 - 2015-05-08 23:03 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Steam
2015-05-08 22:57 - 2015-05-08 22:57 - 01142128 _____ () C:\Users\Aaron\Downloads\SteamSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 18:10 - 2015-04-11 08:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-04 18:06 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 18:06 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 17:54 - 2014-11-01 14:00 - 01959760 _____ () C:\Windows\WindowsUpdate.log
2015-06-04 17:50 - 2014-11-01 14:33 - 01370112 _____ () C:\Windows\PFRO.log
2015-06-04 17:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-04 17:50 - 2009-07-14 06:51 - 00060595 _____ () C:\Windows\setupact.log
2015-06-03 15:59 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-06-03 15:54 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-06-03 15:53 - 2009-07-14 04:34 - 68681728 _____ () C:\Windows\system32\config\software.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 53215232 _____ () C:\Windows\system32\config\components.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 18350080 _____ () C:\Windows\system32\config\system.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-06-03 15:38 - 2014-11-01 15:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 19:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-06-02 18:14 - 2014-11-07 23:14 - 00000000 ____D () C:\Users\Aaron\Documents\Anki
2015-06-02 18:01 - 2015-02-05 09:08 - 00000000 ____D () C:\Users\Aaron\Desktop\EA
2015-06-01 18:40 - 2009-07-14 19:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-06-01 18:40 - 2009-07-14 19:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-06-01 18:40 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-29 22:26 - 2014-11-01 18:18 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Skype
2015-05-29 22:23 - 2014-11-01 14:02 - 00000000 ____D () C:\Users\Aaron
2015-05-29 22:22 - 2015-05-04 19:03 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-29 22:22 - 2015-04-04 15:17 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-29 22:22 - 2015-03-07 14:00 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-29 22:22 - 2014-12-26 22:24 - 00000000 ____D () C:\Users\Aaron\AppData\Local\fabi.me
2015-05-29 22:22 - 2014-11-01 23:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Abelssoft
2015-05-29 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-29 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-29 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-29 22:21 - 2014-11-01 18:18 - 00000000 ____D () C:\ProgramData\Skype
2015-05-29 22:04 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-28 22:56 - 2015-03-07 14:01 - 00000000 ____D () C:\Users\Aaron\AppData\Local\CyberGhost
2015-05-28 22:56 - 2014-11-01 14:02 - 00000000 ____D () C:\Users\Aaron\AppData\Local\VirtualStore
2015-05-26 21:43 - 2015-03-08 17:37 - 00000000 ____D () C:\Users\Aaron\Desktop\Moot
2015-05-26 18:41 - 2014-11-01 14:15 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Adobe
2015-05-26 18:16 - 2015-04-11 08:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-26 18:16 - 2014-11-01 14:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-26 18:16 - 2014-11-01 14:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-26 16:52 - 2009-07-14 07:08 - 00004662 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-24 22:17 - 2014-11-27 23:41 - 00006360 _____ () C:\Users\Aaron\Documents\SC.txt
2015-05-20 23:50 - 2015-04-04 15:17 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-19 17:21 - 2014-11-01 14:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-17 19:56 - 2015-04-14 18:27 - 00000000 ____D () C:\Program Files (x86)\G Data
2015-05-17 19:55 - 2015-04-14 18:17 - 00000000 ____D () C:\ProgramData\G Data
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-05-17 19:42 - 2015-03-13 15:56 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-17 19:38 - 2015-03-27 18:33 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Trend Micro
2015-05-14 22:49 - 2015-03-30 19:05 - 00001161 _____ () C:\Users\Aaron\Desktop\VideoCacheView.cfg
2015-05-14 22:40 - 2015-04-26 21:54 - 00000962 _____ () C:\Users\Aaron\Documents\hahah.txt
2015-05-13 17:05 - 2009-07-14 06:45 - 00298248 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 17:02 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 17:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 13:24 - 2014-11-01 14:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:22 - 2009-10-14 07:12 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-11 09:58 - 2015-04-14 18:27 - 00006074 _____ () C:\Windows\DPINST.LOG
2015-05-05 20:14 - 2014-11-01 15:07 - 00000000 ____D () C:\Users\Aaron\Desktop\Neuer Ordner

==================== Files in the root of some directories =======

2015-04-14 18:27 - 2015-04-14 18:27 - 0000000 _____ () C:\Users\Aaron\AppData\Roaming\gdfw.log
2015-04-14 18:27 - 2015-04-14 18:27 - 0000779 _____ () C:\Users\Aaron\AppData\Roaming\gdscan.log
2015-03-13 15:56 - 2015-03-13 15:56 - 0000036 _____ () C:\Users\Aaron\AppData\Local\housecall.guid.cache

Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe
C:\Users\Aaron\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-29 19:51

==================== End of log ============================

Additional FRST Logfile:
Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Aaron at 2015-06-04 18:15:53
Running from C:\Users\Aaron\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Aaron (S-1-5-21-2455565853-2773199953-1460756191-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-2455565853-2773199953-1460756191-500 - Administrator - Disabled)
Gast (S-1-5-21-2455565853-2773199953-1460756191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2455565853-2773199953-1460756191-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
AGEIA PhysX v6.12.02 (HKLM-x32\...\{7032E73F-68A0-48F9-8100-E70E79169BAE}) (Version: 6.12.02 - AGEIA Technologies, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Blobby Volley 2 Version 1.0 (HKLM-x32\...\Blobby Volley 2 Version 1.0_is1) (Version: - )
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.42 - Abelssoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version: - )
Firefox Developer Edition 38.0a2 (x64 de) (HKLM\...\Firefox Developer Edition 38.0a2 (x64 de)) (Version: 38.0a2 - Mozilla)
Free Audio Converter version 5.0.55.113 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.55.113 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{6A1E4EFB-3EE0-40A0-9D6D-E865370289DB}) (Version: 1.13.1641.0 - Google Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version: - MixMeister Technology LLC)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0a2 - Mozilla)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Pale Moon 25.3.1 (x86 en-US) (HKLM-x32\...\Pale Moon 25.3.1 (x86 en-US)) (Version: 25.3.1 - Moonchild Productions)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sherlock Holmes jagt Arsene Lupin (HKLM-x32\...\{63686BEF-04CA-461C-B364-53BBC322F7BF}) (Version: 1.00.0777 - Frogwares)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unity Web Player (HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points =========================

26-05-2015 16:59:35 Windows Update
28-05-2015 20:30:45 Removed Skype™ 7.4
28-05-2015 20:33:46 Removed Skype Click to Call
28-05-2015 20:40:16 Removed BlueStacks Notification Center
29-05-2015 22:00:49 Wiederherstellungsvorgang
02-06-2015 17:01:47 Revo Uninstaller's restore point - YTD Video Downloader 4.8.9
02-06-2015 19:02:41 Removed BlueStacks Notification Center

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-03 15:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039F849F-A8B0-4950-9DEA-B2C22EE323CA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {0E3E308E-ABEF-4846-89B8-278B4B018F87} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {0F88D255-2241-4208-8237-E341A4D7A173} - System32\Tasks\{5A57084D-AC5A-4D37-847B-140B7C012D90} => pcalua.exe -a D:\directx\dxsetup.exe -d D:\directx
Task: {1C4CB41F-68B8-4D5A-8A6F-F4C3AE36F657} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {37FB0945-E77F-4D35-8BC0-D0235553AB98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {55A4219C-07FF-4C29-9BD8-3C619515A305} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2015-03-27] (CHIP)
Task: {57F70703-9A44-4723-AB28-AFC48700A0A1} - \{1DFC94E0-EEB0-4BAF-A5B2-1F07400E5341} No Task File <==== ATTENTION
Task: {7C0BC5CD-DA14-4277-B6C1-E8744715E8FA} - \{EEF77C93-E979-49BA-8AA0-17E886F1EAEB} No Task File <==== ATTENTION
Task: {8820FE82-E598-4326-954A-39452D194616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {9BEE7F76-659C-4C46-8456-C3F4C8407328} - \User_Feed_Synchronization-{600F234B-E5B6-4B2D-9EB7-84B30C9F11A3} No Task File <==== ATTENTION
Task: {B7FD4B15-9BA8-468C-A210-B505DCC89E9B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C2B10E82-65DC-4C03-B7EB-C26DAEF338BB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C713F4D1-F331-4653-B26A-F95CBFCB07D1} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2015-05-20] (Microsoft Corporation)
Task: {F3AD173A-D319-4317-A3AF-6ADF3E16210C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F99D18BE-4F1D-43A0-BD32-CC74BD35149D} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2015-05-17 21:23 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2015-05-26 18:16 - 2015-05-26 18:16 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 95.169.183.219 - 89.41.60.38

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F910D0C9-262F-4427-9587-0E6D623BE027}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A7CBF020-E154-4520-82A5-F40CD5A5B7F3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{652FE1B6-04A6-4AB5-A263-EAA23ED5AF39}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{302EDD12-0AC8-4F32-8EC4-E7D89E05A27B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{48181101-7CA1-47FF-92C4-661EC8D8CC94}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CFA596B3-FE44-4054-8514-A491E93A548B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{5203D9A2-92C6-4216-A0EA-872EF81D838F}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{2F8E4ABE-8813-41DD-8D11-B5B91F771C53}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{3E0A475E-F79E-4A19-8FC4-E6C041642D44}] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{9B6DD1C2-563B-40A3-ACEE-ABC35DBF0A16}] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{A1AC3D49-DA7E-4405-A0A8-0CB37F6567D6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0A163EAF-70F4-49F4-AF3A-F3F0E347D685}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{844A7132-5511-45ED-B0D3-A6A2CC5613A1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6F80F7CA-4A0C-463F-998A-AEA71EFF8C3F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{3BC87F6A-8C1F-4599-B2B0-2061EAB55569}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{C99151BB-774A-443B-A1DB-14A54D9B3201}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{F34A9EC6-DD46-4BE9-91D3-081674BC78CF}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{243C2F74-B1BD-4240-9D59-722D40F618E9}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [TCP Query User{BCA82D7E-E09E-4282-9713-9D5476F446F4}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{90985EBA-FDA7-4896-BABE-94A5AB81DFB3}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{227CD673-EFE0-4C39-95B8-CDC817BB04C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7C632050-24B5-4D37-9BB9-0A8281082923}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{725EF301-0470-4F66-B155-EA5A4BAF23B3}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{92FDDB1F-16DB-4943-B6A6-A9B59D6C8EE2}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{77118A62-B07D-473F-8425-8026BDA0D373}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{719D0DC3-7F9C-4DF8-A244-1029DB8C5602}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E3349BEC-5E4E-4AF9-87A3-EEC5AEA7F02D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{CE52468E-665F-4C3F-9DC6-79F6AEF8553A}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [TCP Query User{7D882834-5CE4-4B78-969E-3EE357EEC731}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{940AFD68-2716-4CD4-8E11-505371C53FC0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BA9A4195-2E37-460B-8CDD-DAADF45FD634}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4BDA4317-797A-4D13-91A9-3862BCE7E88C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BFBDE6A1-CDF0-4FCC-9785-46D364151161}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1E7CF97D-0B95-47BE-98C8-F2C5A31996FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F55D7FA2-0F23-40CC-AC52-B93B705654C9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E9098807-5655-4DBD-B013-AB2A0FA29E2D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2015 06:13:00 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.

Error: (06/02/2015 06:13:00 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: )
Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f.
Error: (06/02/2015 06:12:59 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (06/02/2015 06:12:59 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. Error: (06/02/2015 06:12:58 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (06/02/2015 06:12:58 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. Error: (05/29/2015 10:28:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Skype.exe, Version 7.5.0.101 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d68 Startzeit: 01d09a4d6d5b3213 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe Berichts-ID: 2867a548-0641-11e5-8dd8-94de80a96248 Error: (05/29/2015 10:06:50 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. 
C:\ProgramData\BlueStacks\Android\kernel.elf.signature doesn't exist bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (05/29/2015 09:44:01 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (05/29/2015 09:44:01 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. System errors: ============= Error: (06/04/2015 06:06:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/04/2015 06:06:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/04/2015 06:06:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X86" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/04/2015 06:06:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (06/04/2015 06:06:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CyberGhost 5 Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/04/2015 06:06:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/04/2015 06:06:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VIA Karaoke digital mixer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/04/2015 06:06:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/04/2015 06:06:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/04/2015 06:06:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Microsoft Office: ========================= Error: (06/02/2015 06:13:00 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:13:00 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:12:59 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:12:59 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:12:58 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:12:58 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 10:28:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Skype.exe7.5.0.101d6801d09a4d6d5b32135C:\Program Files (x86)\Skype\Phone\Skype.exe2867a548-0641-11e5-8dd8-94de80a96248 Error: (05/29/2015 10:06:50 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. 
C:\ProgramData\BlueStacks\Android\kernel.elf.signature doesn't exist bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (05/29/2015 09:44:01 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 09:44:01 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f CodeIntegrity Errors: =================================== Date: 2015-06-03 15:52:21.962 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-06-03 15:52:21.946 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-01 13:48:42.936 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz Percentage of memory in use: 43% Total physical RAM: 7653.8 MB Available physical RAM: 4358.48 MB Total Pagefile: 15305.82 MB Available Pagefile: 11530.95 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:120.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (SHERLOCKHOLMES4) (CDROM) (Total:6.84 GB) (Free:0 GB) UDF Drive e: (INTENSO USB) (Removable) (Total:1.87 GB) (Free:1.85 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F22B4E44) Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=1.9 GB) - (Type=06) ==================== End of log ============================ |
05.06.2015, 11:05 | #10 |
/// the machine /// TB-Ausbilder | Windows "not genuine" message

ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
05.06.2015, 16:09 | #11 |
| Windows "not genuine" message

Code:
ATTFilter
 Results of screen317's Security Check version 1.002
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 17.0.0.188
 Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=2b095940077086409a45af4af828a363 # end=init # utc_time=2015-06-05 12:00:52 # local_time=2015-06-05 02:00:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24188 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=2b095940077086409a45af4af828a363 # end=updated # utc_time=2015-06-05 12:05:31 # local_time=2015-06-05 02:05:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=2b095940077086409a45af4af828a363 # engine=24188 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-06-05 12:59:10 # local_time=2015-06-05 02:59:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1296 16777213 100 100 7393 37585432 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 77641 185139000 0 0 # scanned=195611 # found=14 # cleaned=0 # scan_time=3218 sh=457335C7D7CF3B76BDA5156BDFC9D2E55F5EB26E ft=1 fh=733834ea60493ef0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Desktop\Neuer Ordner\Downloads\Integrated_CT2325506.exe" sh=0969D23DB7533F849540DD226947B964F5F73F12 ft=1 fh=cea93413e9d3c21c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\64bit_Win7_Win8_Win81_R275 - CHIP-Installer.exe" sh=84F5FDC400AAD26FE49BFF71BD7CFE4EE9B60DC7 ft=1 fh=32a8d7bea6733e9c vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\Blobby Volley 2 - CHIP-Installer.exe" sh=755E559B9CE644B24163B60A4AA40EE4FCBD5001 ft=1 fh=52d82a8d8b77a3c2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\BPM Analyzer - CHIP-Installer.exe" sh=55221CC3A66AD51EADBEF6E2C19D2E46702C8727 ft=1 fh=6271892ec16dd2fa vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\Firefox 38 Developer Edition 64 Bit - CHIP-Installer.exe" sh=614D9529C4AC5698BA44413ED9FF2F2AB7194030 ft=1 fh=fb5c7ba1cde5bf0c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\FREEAV1504(1).exe" sh=614D9529C4AC5698BA44413ED9FF2F2AB7194030 ft=1 fh=fb5c7ba1cde5bf0c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\FREEAV1504.exe" sh=DFEFEFFFD0A0587308AC1E5F268448EE20F67754 ft=1 fh=84d41bc8117249fc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\G Data Internet Security 2015 - CHIP-Installer.exe" sh=777316ECFEC690E17B3890B7C7520E2452D25ED8 ft=1 fh=14ac7b02e5859647 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\Origin EA Download Manager - CHIP-Installer.exe" sh=EDF53DC693F15F4F49980ED000D42D46B5C75419 ft=1 fh=e9d5b7120831db57 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\Pale Moon - CHIP-Installer(1).exe" sh=AF3DF60A376F6923FB8B6379F2CE6D9B9F5EBEE7 ft=1 fh=e5245e81b84bc2af vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\Pale Moon - CHIP-Installer.exe" sh=8AD8D128884DCB0CD4BBA658FD5646C53EB3A852 ft=1 fh=0589a30c4ca7ce0b vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\Titanium Internet Security 2015 - CHIP-Installer.exe" sh=D4C0724790681F904D75B9D909C81DC72ACD8040 ft=1 fh=5a13d4043353bcbf vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\VideoCacheView - CHIP-Installer.exe" sh=D7F594C59AFFBA2805AECBCAE8D6A9CEFC6B0FE4 ft=1 fh=42226fa41212edde vn="Variante von Win32/Toolbar.Widgi.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aaron\Downloads\YTDSetup.exe" FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by Aaron (administrator) on HEIM on 05-06-2015 15:15:55 Running from C:\Users\Aaron\Downloads Loaded Profiles: Aaron (Available Profiles: Aaron) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Google Inc.) 
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Platinum] => "C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe" -StartUp HKLM\...\Run: [Trend Micro Client Framework] => "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1435672 2013-12-18] (Google Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2015-03-12] (VIA Technologies, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.) HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-05-21] (CyberGhost S.R.L.) HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2015-03-12] ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000 -> {FDE77B5B-F923-4C0E-BAD4-29914B67A6C0} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet 
Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-17] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-17] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4857B833-3EF8-4626-880E-BEF4F16D68AD}: [NameServer] 95.169.183.219,89.41.60.38 FireFox: ======== FF ProfilePath: 
C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default FF DefaultSearchEngine: DuckDuckGo FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-26] () FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-05-20] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-26] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-17] () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-17] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-17] () FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-05-20] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll 
[2015-05-20] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.) FF Plugin HKU\S-1-5-21-2455565853-2773199953-1460756191-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS) FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\searchplugins\google-images.xml [2014-11-01] FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\searchplugins\google-maps.xml [2014-11-01] FF Extension: YouTube Unblocker - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\youtubeunblocker@unblocker.yt [2015-05-29] FF Extension: Ghostery - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\firefox@ghostery.com.xpi [2015-01-18] FF Extension: Tab for a Cause - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\tabforacause@tabforacause.org.xpi [2014-12-21] FF Extension: NoScript - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-01] FF Extension: VideoService - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{9d58e825-a4eb-4a2c-9736-3b0d51b3c8c5}.xpi [2014-12-20] FF Extension: Adblock Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01] FF Extension: BetterPrivacy - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-02-02] FF Extension: {f9f3dafd-5da0-4d41-a597-c11bf9609e1b} - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\Extensions\{f9f3dafd-5da0-4d41-a597-c11bf9609e1b}.xpi [2014-12-09] 
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-05-14]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-14]
FF HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\55itt523.default\extensions\cliqz@cliqz.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [754712 2013-12-18] (Google Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2015-05-31] ()
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-04-15] (G Data Software AG)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-05-17] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-05-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2015-05-31] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 15:10 - 2015-06-05 15:10 - 00852639 _____ () C:\Users\Aaron\Downloads\SecurityCheck.exe
2015-06-05 13:59 - 2015-06-05 14:00 - 02870984 _____ (ESET) C:\Users\Aaron\Downloads\esetsmartinstaller_deu.exe
2015-06-04 18:08 - 2015-06-04 18:08 - 00001090 _____ () C:\Users\Aaron\Desktop\JRT.txt
2015-06-04 18:06 - 2015-06-04 18:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HEIM-Windows-7-Ultimate-(64-bit).dat
2015-06-04 18:06 - 2015-06-04 18:06 - 00000000 ____D () C:\RegBackup
2015-06-04 18:02 - 2015-06-04 18:03 - 02942610 _____ (Thisisu) C:\Users\Aaron\Downloads\JRT.exe
2015-06-04 17:51 - 2015-06-04 17:51 - 00001586 _____ () C:\Users\Aaron\Desktop\AdwCleaner[S0].txt
2015-06-04 17:25 - 2015-06-04 17:47 - 00000000 ____D () C:\AdwCleaner
2015-06-04 17:24 - 2015-06-04 17:24 - 02231296 _____ () C:\Users\Aaron\Downloads\AdwCleaner_4.206.exe
2015-06-04 17:24 - 2015-06-04 17:24 - 00002387 _____ () C:\Users\Aaron\Desktop\MB.txt
2015-06-04 17:07 - 2015-06-04 17:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-04 17:07 - 2015-06-04 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-04 17:07 - 2015-06-04 17:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-04 17:07 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-04 17:07 -
2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-04 17:06 - 2015-06-04 17:07 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Aaron\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-03 22:41 - 2015-06-03 22:41 - 00000211 _____ () C:\Users\Aaron\Desktop\Idl.txt 2015-06-03 15:59 - 2015-06-03 15:59 - 00027183 _____ () C:\ComboFix.txt 2015-06-03 15:46 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-06-03 15:46 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-06-03 15:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-06-03 15:46 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-06-03 15:45 - 2015-06-03 15:59 - 00000000 ____D () C:\Qoobox 2015-06-03 15:45 - 2015-06-03 15:58 - 00000000 ____D () C:\Windows\erdnt 2015-06-03 15:44 - 2015-06-03 15:44 - 05628238 ____R (Swearware) C:\Users\Aaron\Downloads\ComboFix.exe 2015-06-02 17:50 - 2015-06-02 17:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\20C31D9D.sys 2015-06-02 17:50 - 2015-06-02 17:50 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7EF21D72.sys 2015-06-02 17:24 - 2015-06-03 15:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-06-02 17:09 - 2015-06-05 13:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-02 17:09 - 2015-06-04 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-06-02 17:09 - 2015-06-02 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-02 17:08 - 2015-06-02 17:08 - 04197016 _____ (Kaspersky Lab ZAO) 
C:\Users\Aaron\Downloads\tdsskiller.exe 2015-06-02 17:07 - 2015-06-02 17:51 - 00000000 ____D () C:\Users\Aaron\Desktop\mbar 2015-06-02 17:07 - 2015-06-02 17:07 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Aaron\Downloads\mbar-1.09.1.1004.exe 2015-06-02 17:07 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-02 17:00 - 2015-06-02 17:00 - 00001268 _____ () C:\Users\Aaron\Desktop\Revo Uninstaller.lnk 2015-06-02 17:00 - 2015-06-02 17:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-06-02 16:59 - 2015-06-02 17:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Aaron\Downloads\revosetup95.exe 2015-06-01 17:50 - 2015-06-01 17:50 - 00057739 _____ () C:\Users\Aaron\Desktop\FRST.txt 2015-06-01 17:50 - 2015-06-01 17:50 - 00030288 _____ () C:\Users\Aaron\Desktop\Addition.txt 2015-05-31 20:10 - 2015-06-04 18:16 - 00031269 _____ () C:\Users\Aaron\Downloads\Addition.txt 2015-05-31 20:09 - 2015-06-05 15:15 - 00018162 _____ () C:\Users\Aaron\Downloads\FRST.txt 2015-05-31 20:09 - 2015-06-05 15:15 - 00000000 ____D () C:\FRST 2015-05-31 20:08 - 2015-05-31 20:08 - 02108928 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe 2015-05-31 10:47 - 2015-05-31 10:47 - 00235936 _____ (Tagès SA) C:\Users\Aaron\Downloads\TagesSetup_x64.exe 2015-05-29 20:40 - 2015-05-29 20:40 - 00159144 _____ (Microsoft Corporation) C:\Users\Aaron\Downloads\WindowsActivationUpdate.exe 2015-05-28 21:37 - 2015-05-28 21:37 - 00000000 ____D () C:\Users\Aaron\.android 2015-05-28 21:20 - 2015-05-29 22:22 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-05-28 21:20 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-28 21:20 - 2015-05-28 21:20 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-05-28 20:44 - 2015-05-28 20:46 - 14155832 _____ (BlueStack Systems Inc.) 
C:\Users\Aaron\Downloads\BlueStacks-ThinInstaller(1).exe 2015-05-28 20:36 - 2015-05-28 20:36 - 01384064 _____ (Skype Technologies S.A.) C:\Users\Aaron\Downloads\SkypeSetup.exe 2015-05-26 22:15 - 2015-05-26 23:21 - 00020125 _____ () C:\Users\Aaron\Documents\SEminario.odt 2015-05-25 16:01 - 2015-05-25 16:01 - 00000000 ____D () C:\Users\Aaron\Downloads\Passage 2015-05-25 16:00 - 2015-05-25 16:00 - 00497214 _____ () C:\Users\Aaron\Downloads\Passage_v3_Windows(1).exe 2015-05-24 22:17 - 2015-05-24 22:17 - 00000592 _____ () C:\Users\Aaron\Documents\Taddl.txt 2015-05-20 17:08 - 2015-06-05 15:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-20 17:08 - 2015-06-05 12:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-20 17:08 - 2015-05-20 17:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-20 17:08 - 2015-05-20 17:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-19 19:22 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-05-19 19:22 - 2015-05-19 19:22 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Apple Computer 2015-05-19 19:22 - 2015-05-19 19:22 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Apple Computer 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\Program Files\iTunes 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\Program Files\iPod 2015-05-19 19:21 - 2015-05-19 19:21 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-05-19 19:21 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-05-19 19:20 - 2015-05-21 22:04 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-05-19 19:20 - 2015-05-19 19:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Apple 2015-05-19 19:19 - 2015-05-21 22:03 - 00000000 ____D () C:\ProgramData\Apple 2015-05-19 19:02 - 2015-05-19 19:15 - 121283888 _____ (Apple Inc.) C:\Users\Aaron\Downloads\itunes64setup.exe 2015-05-19 18:40 - 2015-05-19 18:49 - 108728624 _____ (Apple Inc.) C:\Users\Aaron\Downloads\iTunesSetup.exe 2015-05-19 17:24 - 2015-05-31 10:49 - 00088480 _____ () C:\Windows\system32\Drivers\atksgt.sys 2015-05-19 17:24 - 2015-05-31 10:49 - 00046400 _____ () C:\Windows\system32\Drivers\lirsgt.sys 2015-05-19 17:24 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA 2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA 2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\Windows\system32\AGEIA 2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\ProgramData\InstallShield 2015-05-19 17:24 - 2015-05-19 17:24 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-05-19 17:23 - 2015-05-19 17:23 - 00002358 _____ () C:\Users\Public\Desktop\Sherlock Holmes jagt Arsene Lupin spielen.lnk 2015-05-19 17:23 - 2015-05-19 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus 2015-05-19 17:21 - 2015-05-19 17:21 - 00002068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk 2015-05-19 17:21 - 2015-05-19 17:21 - 00000000 ____D () C:\Program Files (x86)\Focus 2015-05-19 17:21 - 2004-08-09 06:04 - 00073728 _____ (InstallShield Software Corporation) C:\Windows\SysWOW64\ISUSPM.cpl 2015-05-14 22:53 - 2015-05-18 15:05 - 00002334 _____ () C:\Users\Aaron\Desktop\Sicherer Zahlungsverkehr.lnk 2015-05-14 22:52 - 2015-05-29 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-05-14 
22:52 - 2015-05-14 22:52 - 00001196 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2015-05-14 22:52 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-05-14 22:51 - 2015-06-05 13:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-05-14 22:51 - 2015-05-17 21:49 - 00793800 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-05-14 22:51 - 2015-05-17 21:49 - 00141320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-05-14 22:51 - 2015-05-14 22:51 - 00000000 ____D () C:\Windows\ELAMBKUP 2015-05-14 22:51 - 2015-05-14 22:51 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-05-14 22:51 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-05-14 22:43 - 2015-05-14 22:48 - 176562784 _____ () C:\Users\Aaron\Downloads\kis15.0.0.463de_6508.exe 2015-05-13 13:20 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 13:20 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 10:59 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 10:59 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 10:59 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 10:59 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 10:59 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 10:59 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 10:59 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 10:59 - 2015-04-21 18:51 - 00066560 
_____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 10:59 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 10:59 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 10:59 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 10:59 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 10:59 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 10:59 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 10:59 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 10:59 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 10:59 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 10:59 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 10:59 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 10:59 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 10:59 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 10:59 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 10:59 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 10:59 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 10:59 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 10:59 - 2015-04-21 18:14 - 00077824 
_____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 10:59 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 10:59 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 10:59 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 10:59 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 10:59 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 10:59 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 10:59 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 10:59 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 10:59 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 10:59 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 10:59 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 10:59 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 10:59 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 10:59 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 10:59 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 10:59 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 10:59 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 10:59 - 2015-04-21 17:48 - 00418304 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 10:59 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 10:59 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 10:59 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 10:59 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 10:59 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 10:59 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 10:59 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 10:59 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 10:59 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 10:59 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 10:59 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 10:59 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 10:59 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 10:59 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 10:59 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 10:59 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 10:59 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 10:59 - 2015-04-21 16:56 - 00710144 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 10:59 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 10:59 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 10:58 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 10:58 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 10:58 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 10:58 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00243712 _____ (Microsoft 
Corporation) C:\Windows\system32\wow64.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 10:58 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-13 10:58 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 
2015-05-13 10:58 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 10:58 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 10:58 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 10:58 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 10:58 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-13 10:58 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 10:58 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 10:58 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 10:58 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 10:58 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\advapi32.dll
2015-05-13 10:58 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 10:58 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 10:58 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 10:58 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 10:58 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 10:58 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 10:58 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 10:58 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 10:58 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 10:58 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 10:58 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 10:58 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 10:58 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 10:58 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 10:58 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 10:58 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 10:58 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 10:58 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 10:58 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 10:58 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 10:57 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 10:57 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 10:57 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 10:57 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 10:57 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 10:57 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 10:57 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 10:57 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 10:57 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 10:57 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 10:57 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 10:57 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 10:57 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 10:57 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 17:23 - 2015-05-12 17:23 - 00005710 _____ () C:\Users\Aaron\Downloads\idlesave(1)
2015-05-10 21:09 - 2015-05-10 21:09 - 00003756 _____ () C:\Users\Aaron\Downloads\idlesave
2015-05-08 23:03 - 2015-05-08 23:03 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Steam
2015-05-08 22:57 - 2015-05-08 22:57 - 01142128 _____ () C:\Users\Aaron\Downloads\SteamSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 15:10 - 2015-04-11 08:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-05 14:55 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-05 14:55 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-05 14:28 - 2014-11-01 15:07 - 00000000 ____D () C:\Users\Aaron\Desktop\Neuer Ordner
2015-06-05 14:24 - 2014-11-01 14:00 - 01986732 _____ () C:\Windows\WindowsUpdate.log
2015-06-05 12:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-05 12:55 - 2009-07-14 06:51 - 00060707 _____ () C:\Windows\setupact.log
2015-06-04 17:50 - 2014-11-01 14:33 - 01370112 _____ () C:\Windows\PFRO.log
2015-06-03 15:59 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-06-03 15:54 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-06-03 15:53 - 2009-07-14 04:34 - 68681728 _____ () C:\Windows\system32\config\software.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 53215232 _____ () C:\Windows\system32\config\components.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 18350080 _____ () C:\Windows\system32\config\system.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-06-03 15:53 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-06-03 15:38 - 2014-11-01 15:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 19:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-06-02 18:14 - 2014-11-07 23:14 - 00000000 ____D () C:\Users\Aaron\Documents\Anki
2015-06-01 18:40 - 2009-07-14 19:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-06-01 18:40 - 2009-07-14 19:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-06-01 18:40 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-29 22:26 - 2014-11-01 18:18 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Skype
2015-05-29 22:23 - 2014-11-01 14:02 - 00000000 ____D () C:\Users\Aaron
2015-05-29 22:22 - 2015-05-04 19:03 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-29 22:22 - 2015-04-04 15:17 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-29 22:22 - 2015-03-07 14:00 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-29 22:22 - 2014-12-26 22:24 - 00000000 ____D () C:\Users\Aaron\AppData\Local\fabi.me
2015-05-29 22:22 - 2014-11-01 23:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Abelssoft
2015-05-29 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-29 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-29 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-29 22:21 - 2014-11-01 18:18 - 00000000 ____D () C:\ProgramData\Skype
2015-05-29 22:04 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-28 22:56 - 2015-03-07 14:01 - 00000000 ____D () C:\Users\Aaron\AppData\Local\CyberGhost
2015-05-28 22:56 - 2014-11-01 14:02 - 00000000 ____D () C:\Users\Aaron\AppData\Local\VirtualStore
2015-05-26 21:43 - 2015-03-08 17:37 - 00000000 ____D () C:\Users\Aaron\Desktop\Moot
2015-05-26 18:41 - 2014-11-01 14:15 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Adobe
2015-05-26 18:16 - 2015-04-11 08:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-26 18:16 - 2014-11-01 14:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-26 18:16 - 2014-11-01 14:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-26 16:52 - 2009-07-14 07:08 - 00005166 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-24 22:17 - 2014-11-27 23:41 - 00006360 _____ () C:\Users\Aaron\Documents\SC.txt
2015-05-20 23:50 - 2015-04-04 15:17 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-19 17:21 - 2014-11-01 14:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-17 19:56 - 2015-04-14 18:27 - 00000000 ____D () C:\Program Files (x86)\G Data
2015-05-17 19:55 - 2015-04-14 18:17 - 00000000 ____D () C:\ProgramData\G Data
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-05-17 19:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-05-17 19:42 - 2015-03-13 15:56 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-17 19:38 - 2015-03-27 18:33 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Trend Micro
2015-05-14 22:49 - 2015-03-30 19:05 - 00001161 _____ () C:\Users\Aaron\Desktop\VideoCacheView.cfg
2015-05-14 22:40 - 2015-04-26 21:54 - 00000962 _____ () C:\Users\Aaron\Documents\hahah.txt
2015-05-13 17:05 - 2009-07-14 06:45 - 00298248 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 17:02 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 17:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 13:24 - 2014-11-01 14:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:22 - 2009-10-14 07:12 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-11 09:58 - 2015-04-14 18:27 - 00006074 _____ () C:\Windows\DPINST.LOG

==================== Files in the root of some directories =======

2015-04-14 18:27 - 2015-04-14 18:27 - 0000000 _____ () C:\Users\Aaron\AppData\Roaming\gdfw.log
2015-04-14 18:27 - 2015-04-14 18:27 - 0000779 _____ () C:\Users\Aaron\AppData\Roaming\gdscan.log
2015-03-13 15:56 - 2015-03-13 15:56 - 0000036 _____ () C:\Users\Aaron\AppData\Local\housecall.guid.cache

Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe
C:\Users\Aaron\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-29 19:51

==================== End of log ============================

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Aaron at 2015-06-05 15:16:10
Running from C:\Users\Aaron\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Aaron (S-1-5-21-2455565853-2773199953-1460756191-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-2455565853-2773199953-1460756191-500 - Administrator - Disabled)
Gast (S-1-5-21-2455565853-2773199953-1460756191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2455565853-2773199953-1460756191-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
AGEIA PhysX v6.12.02 (HKLM-x32\...\{7032E73F-68A0-48F9-8100-E70E79169BAE}) (Version: 6.12.02 - AGEIA Technologies, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Blobby Volley 2 Version 1.0 (HKLM-x32\...\Blobby Volley 2 Version 1.0_is1) (Version: - )
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.42 - Abelssoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version: - )
Firefox Developer Edition 38.0a2 (x64 de) (HKLM\...\Firefox Developer Edition 38.0a2 (x64 de)) (Version: 38.0a2 - Mozilla)
Free Audio Converter version 5.0.55.113 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.55.113 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{6A1E4EFB-3EE0-40A0-9D6D-E865370289DB}) (Version: 1.13.1641.0 - Google Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version: - MixMeister Technology LLC)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0a2 - Mozilla)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Pale Moon 25.3.1 (x86 en-US) (HKLM-x32\...\Pale Moon 25.3.1 (x86 en-US)) (Version: 25.3.1 - Moonchild Productions)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sherlock Holmes jagt Arsene Lupin (HKLM-x32\...\{63686BEF-04CA-461C-B364-53BBC322F7BF}) (Version: 1.00.0777 - Frogwares)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unity Web Player (HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2455565853-2773199953-1460756191-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points =========================

26-05-2015 16:59:35 Windows Update
28-05-2015 20:30:45 Removed Skype™ 7.4
28-05-2015 20:33:46 Removed Skype Click to Call
28-05-2015 20:40:16 Removed BlueStacks Notification Center
29-05-2015 22:00:49 Wiederherstellungsvorgang
02-06-2015 17:01:47 Revo Uninstaller's restore point - YTD Video Downloader 4.8.9
02-06-2015 19:02:41 Removed BlueStacks Notification Center

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-03 15:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E3E308E-ABEF-4846-89B8-278B4B018F87} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {0F88D255-2241-4208-8237-E341A4D7A173} - System32\Tasks\{5A57084D-AC5A-4D37-847B-140B7C012D90} => pcalua.exe -a D:\directx\dxsetup.exe -d D:\directx
Task: {1C4CB41F-68B8-4D5A-8A6F-F4C3AE36F657} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {2A8FD334-CDAD-405B-9BA8-C3EF09EAAD56} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {37FB0945-E77F-4D35-8BC0-D0235553AB98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {3A13FA42-EAEA-4644-B7AF-32EB8F334A94} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {55A4219C-07FF-4C29-9BD8-3C619515A305} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2015-03-27] (CHIP)
Task: {57F70703-9A44-4723-AB28-AFC48700A0A1} - \{1DFC94E0-EEB0-4BAF-A5B2-1F07400E5341} No Task File <==== ATTENTION
Task: {7C0BC5CD-DA14-4277-B6C1-E8744715E8FA} - \{EEF77C93-E979-49BA-8AA0-17E886F1EAEB} No Task File <==== ATTENTION
Task: {8820FE82-E598-4326-954A-39452D194616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {9BEE7F76-659C-4C46-8456-C3F4C8407328} - \User_Feed_Synchronization-{600F234B-E5B6-4B2D-9EB7-84B30C9F11A3} No Task File <==== ATTENTION
Task: {AB5D7CAF-DA83-41D8-9EE4-F11403BFC8CE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {B7FD4B15-9BA8-468C-A210-B505DCC89E9B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C713F4D1-F331-4653-B26A-F95CBFCB07D1} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2015-05-20] (Microsoft Corporation)
Task: {F99D18BE-4F1D-43A0-BD32-CC74BD35149D} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-12 19:25 - 2015-03-12 19:25 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2015-03-07 14:00 - 2015-05-21 14:48 - 01427424 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-12-04 21:34 - 2013-11-01 18:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2014-11-01 14:09 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2015-05-17 21:23 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2015-05-26 18:16 - 2015-05-26 18:16 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2455565853-2773199953-1460756191-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 95.169.183.219 - 89.41.60.38

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F910D0C9-262F-4427-9587-0E6D623BE027}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A7CBF020-E154-4520-82A5-F40CD5A5B7F3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{652FE1B6-04A6-4AB5-A263-EAA23ED5AF39}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{302EDD12-0AC8-4F32-8EC4-E7D89E05A27B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{48181101-7CA1-47FF-92C4-661EC8D8CC94}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CFA596B3-FE44-4054-8514-A491E93A548B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{5203D9A2-92C6-4216-A0EA-872EF81D838F}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{2F8E4ABE-8813-41DD-8D11-B5B91F771C53}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{3E0A475E-F79E-4A19-8FC4-E6C041642D44}] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{9B6DD1C2-563B-40A3-ACEE-ABC35DBF0A16}] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{A1AC3D49-DA7E-4405-A0A8-0CB37F6567D6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0A163EAF-70F4-49F4-AF3A-F3F0E347D685}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{844A7132-5511-45ED-B0D3-A6A2CC5613A1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6F80F7CA-4A0C-463F-998A-AEA71EFF8C3F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{3BC87F6A-8C1F-4599-B2B0-2061EAB55569}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{C99151BB-774A-443B-A1DB-14A54D9B3201}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{F34A9EC6-DD46-4BE9-91D3-081674BC78CF}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{243C2F74-B1BD-4240-9D59-722D40F618E9}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [TCP Query User{BCA82D7E-E09E-4282-9713-9D5476F446F4}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{90985EBA-FDA7-4896-BABE-94A5AB81DFB3}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{227CD673-EFE0-4C39-95B8-CDC817BB04C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7C632050-24B5-4D37-9BB9-0A8281082923}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{725EF301-0470-4F66-B155-EA5A4BAF23B3}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{92FDDB1F-16DB-4943-B6A6-A9B59D6C8EE2}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{77118A62-B07D-473F-8425-8026BDA0D373}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{719D0DC3-7F9C-4DF8-A244-1029DB8C5602}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E3349BEC-5E4E-4AF9-87A3-EEC5AEA7F02D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{CE52468E-665F-4C3F-9DC6-79F6AEF8553A}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [TCP Query User{7D882834-5CE4-4B78-969E-3EE357EEC731}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{940AFD68-2716-4CD4-8E11-505371C53FC0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BA9A4195-2E37-460B-8CDD-DAADF45FD634}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4BDA4317-797A-4D13-91A9-3862BCE7E88C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BFBDE6A1-CDF0-4FCC-9785-46D364151161}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1E7CF97D-0B95-47BE-98C8-F2C5A31996FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F55D7FA2-0F23-40CC-AC52-B93B705654C9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E9098807-5655-4DBD-B013-AB2A0FA29E2D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2015 03:07:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Error: (06/05/2015 02:00:41 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/05/2015 02:00:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/02/2015 06:13:00 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (06/02/2015 06:13:00 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. Error: (06/02/2015 06:12:59 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (06/02/2015 06:12:59 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. Error: (06/02/2015 06:12:58 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4AB) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (06/02/2015 06:12:58 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f. Error: (05/29/2015 10:28:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Skype.exe, Version 7.5.0.101 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: d68 Startzeit: 01d09a4d6d5b3213 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe Berichts-ID: 2867a548-0641-11e5-8dd8-94de80a96248 System errors: ============= Error: (06/05/2015 02:05:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/05/2015 02:05:29 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Aaron\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/05/2015 02:05:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/05/2015 02:05:29 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Aaron\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/05/2015 02:05:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/05/2015 02:05:29 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Aaron\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (06/05/2015 02:02:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/05/2015 02:02:14 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Aaron\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/05/2015 02:02:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/05/2015 02:02:13 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Aaron\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Microsoft Office: ========================= Error: (06/05/2015 03:07:24 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (06/05/2015 02:00:41 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Aaron\Downloads\esetsmartinstaller_deu.exe Error: (06/05/2015 02:00:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Aaron\Downloads\esetsmartinstaller_deu.exe Error: (06/02/2015 06:13:00 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:13:00 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:12:59 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:12:59 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:12:58 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: hr=0xC004C4AB66c92734-d682-4d71-983e-d6ec3f16059f Error: (06/02/2015 06:12:58 PM) (Source: Software Protection Platform Service) (EventID: 8209) (User: ) Description: 0x0000000055c92734-d682-4d71-983e-d6ec3f16059f Error: (05/29/2015 10:28:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Skype.exe7.5.0.101d6801d09a4d6d5b32135C:\Program Files (x86)\Skype\Phone\Skype.exe2867a548-0641-11e5-8dd8-94de80a96248 CodeIntegrity Errors: =================================== Date: 2015-06-03 15:52:21.962 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-06-03 15:52:21.946 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-01 13:48:42.936 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz Percentage of memory in use: 46% Total physical RAM: 7653.8 MB Available physical RAM: 4083.63 MB Total Pagefile: 15305.82 MB Available Pagefile: 10995.43 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:119.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (SHERLOCKHOLMES4) (CDROM) (Total:6.84 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F22B4E44) Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End of log ============================ Trotz Neustart leider keine sichtbare Veränderung |
06.06.2015, 15:35 | #12 |
/// the machine /// TB trainer | Windows "not genuine" message Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\Aaron\Desktop\Neuer Ordner\Downloads\Integrated_CT2325506.exe
C:\Users\Aaron\Downloads\64bit_Win7_Win8_Win81_R275 - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Blobby Volley 2 - CHIP-Installer.exe
C:\Users\Aaron\Downloads\BPM Analyzer - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Firefox 38 Developer Edition 64 Bit - CHIP-Installer.exe
C:\Users\Aaron\Downloads\FREEAV1504(1).exe
C:\Users\Aaron\Downloads\FREEAV1504.exe
C:\Users\Aaron\Downloads\G Data Internet Security 2015 - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Origin EA Download Manager - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Pale Moon - CHIP-Installer(1).exe
C:\Users\Aaron\Downloads\Pale Moon - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Titanium Internet Security 2015 - CHIP-Installer.exe
C:\Users\Aaron\Downloads\VideoCacheView - CHIP-Installer.exe
C:\Users\Aaron\Downloads\YTDSetup.exe
Task: {57F70703-9A44-4723-AB28-AFC48700A0A1} - \{1DFC94E0-EEB0-4BAF-A5B2-1F07400E5341} No Task File <==== ATTENTION
Task: {7C0BC5CD-DA14-4277-B6C1-E8744715E8FA} - \{EEF77C93-E979-49BA-8AA0-17E886F1EAEB} No Task File <==== ATTENTION
Task: {9BEE7F76-659C-4C46-8456-C3F4C8407328} - \User_Feed_Synchronization-{600F234B-E5B6-4B2D-9EB7-84B30C9F11A3} No Task File <==== ATTENTION
Task: {F99D18BE-4F1D-43A0-BD32-CC74BD35149D} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Reconsider your download habits: CHIP-Installer - what is it? - Guides

Have you already re-entered the Windows key?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
06.06.2015, 16:21 | #13 |
| Windows "not genuine" message Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by Aaron at 2015-06-06 17:01:28 Run:1
Running from C:\Users\Aaron\Desktop
Loaded Profiles: Aaron (Available Profiles: Aaron)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Aaron\Desktop\Neuer Ordner\Downloads\Integrated_CT2325506.exe
C:\Users\Aaron\Downloads\64bit_Win7_Win8_Win81_R275 - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Blobby Volley 2 - CHIP-Installer.exe
C:\Users\Aaron\Downloads\BPM Analyzer - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Firefox 38 Developer Edition 64 Bit - CHIP-Installer.exe
C:\Users\Aaron\Downloads\FREEAV1504(1).exe
C:\Users\Aaron\Downloads\FREEAV1504.exe
C:\Users\Aaron\Downloads\G Data Internet Security 2015 - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Origin EA Download Manager - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Pale Moon - CHIP-Installer(1).exe
C:\Users\Aaron\Downloads\Pale Moon - CHIP-Installer.exe
C:\Users\Aaron\Downloads\Titanium Internet Security 2015 - CHIP-Installer.exe
C:\Users\Aaron\Downloads\VideoCacheView - CHIP-Installer.exe
C:\Users\Aaron\Downloads\YTDSetup.exe
Task: {57F70703-9A44-4723-AB28-AFC48700A0A1} - \{1DFC94E0-EEB0-4BAF-A5B2-1F07400E5341} No Task File <==== ATTENTION
Task: {7C0BC5CD-DA14-4277-B6C1-E8744715E8FA} - \{EEF77C93-E979-49BA-8AA0-17E886F1EAEB} No Task File <==== ATTENTION
Task: {9BEE7F76-659C-4C46-8456-C3F4C8407328} - \User_Feed_Synchronization-{600F234B-E5B6-4B2D-9EB7-84B30C9F11A3} No Task File <==== ATTENTION
Task: {F99D18BE-4F1D-43A0-BD32-CC74BD35149D} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Emptytemp:
*****************

C:\Users\Aaron\Desktop\Neuer Ordner\Downloads\Integrated_CT2325506.exe => moved successfully.
C:\Users\Aaron\Downloads\64bit_Win7_Win8_Win81_R275 - CHIP-Installer.exe => moved successfully.
C:\Users\Aaron\Downloads\Blobby Volley 2 - CHIP-Installer.exe => moved successfully.
C:\Users\Aaron\Downloads\BPM Analyzer - CHIP-Installer.exe => moved successfully.
C:\Users\Aaron\Downloads\Firefox 38 Developer Edition 64 Bit - CHIP-Installer.exe => moved successfully.
C:\Users\Aaron\Downloads\FREEAV1504(1).exe => moved successfully.
C:\Users\Aaron\Downloads\FREEAV1504.exe => moved successfully.
C:\Users\Aaron\Downloads\G Data Internet Security 2015 - CHIP-Installer.exe => moved successfully.
C:\Users\Aaron\Downloads\Origin EA Download Manager - CHIP-Installer.exe => moved successfully.
C:\Users\Aaron\Downloads\Pale Moon - CHIP-Installer(1).exe => moved successfully.
C:\Users\Aaron\Downloads\Pale Moon - CHIP-Installer.exe => moved successfully.
C:\Users\Aaron\Downloads\Titanium Internet Security 2015 - CHIP-Installer.exe => moved successfully.
C:\Users\Aaron\Downloads\VideoCacheView - CHIP-Installer.exe => moved successfully.
"C:\Users\Aaron\Downloads\YTDSetup.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57F70703-9A44-4723-AB28-AFC48700A0A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57F70703-9A44-4723-AB28-AFC48700A0A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1DFC94E0-EEB0-4BAF-A5B2-1F07400E5341}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C0BC5CD-DA14-4277-B6C1-E8744715E8FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C0BC5CD-DA14-4277-B6C1-E8744715E8FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EEF77C93-E979-49BA-8AA0-17E886F1EAEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BEE7F76-659C-4C46-8456-C3F4C8407328}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BEE7F76-659C-4C46-8456-C3F4C8407328}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{600F234B-E5B6-4B2D-9EB7-84B30C9F11A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F99D18BE-4F1D-43A0-BD32-CC74BD35149D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F99D18BE-4F1D-43A0-BD32-CC74BD35149D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask" => key removed successfully
EmptyTemp: => 562 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 17:02:04 ==== |
07.06.2015, 15:07 | #14 |
/// the machine /// TB trainer | Windows "not genuine" message Please do that and report back.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |